HITRUST/HIPAA

Azure BuiltIn Policy Initiative (PolicySet)

Policy types

Policy states

Policy categories

Total Policies: 595
Builtin Policies: 595
Static Policies: 0

GA: 592
Preview: 3

21 categories:

App Service: 10
Backup: 1
Batch: 1
Cache: 1
Compute: 4
Data Lake: 3
Event Hub: 1
General: 1
Guest Configuration: 23
Internet of Things: 1
Key Vault: 4
Logic Apps: 1
Monitoring: 8
Network: 11
Regulatory Compliance: 496
Search: 1
Security Center: 12
Service Bus: 1
SQL: 12
Storage: 2
Stream Analytics: 1

Rows: 1-10 / 595

Records:

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Page of 60

Policy DisplayName

Policy Id

Category

Version

Versioning

Effect

Roles#

Roles

State

policy in AzUSGov

[Preview]: Container Registry should use a virtual network service endpoint

c4857be7-912a-4c75-87e6-e30292bcdf78

Network

1.0.0-preview

1x
1.0.0-preview

Default
Audit
Allowed
Audit, Disabled

Preview

true

[Preview]: Network traffic data collection agent should be installed on Linux virtual machines

04c4380f-3fae-46e8-96c9-30193528f602

Monitoring

1.0.2-preview

1x
1.0.2-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

true

[Preview]: Network traffic data collection agent should be installed on Windows virtual machines

2f2ee1de-44aa-4762-b6bd-0893fc3f306d

Monitoring

1.0.2-preview

1x
1.0.2-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

true

A maximum of 3 owners should be designated for your subscription

4f11b553-d42e-4e3a-89be-32ca364cad4c

Security Center

3.0.0

1x
3.0.0

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

true

A vulnerability assessment solution should be enabled on your virtual machines

501541f7-f7e7-4cd6-868c-4190fdad3ac9

Security Center

3.0.0

1x
3.0.0

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

true

Accept assessment results

3054c74b-9b45-2581-56cf-053a1a716c39

Regulatory Compliance

1.1.0

1x
1.1.0

Default
Manual
Allowed
Manual, Disabled

unknown

Accept only FICAM-approved third-party credentials

2d2ca910-7957-23ee-2945-33f401606efc

Regulatory Compliance

1.1.0

1x
1.1.0

Default
Manual
Allowed
Manual, Disabled

unknown

Accept PIV credentials

55be3260-a7a2-3c06-7fe6-072d07525ab7

Regulatory Compliance

1.1.0

1x
1.1.0

Default
Manual
Allowed
Manual, Disabled

unknown

Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities

3cf2ab00-13f1-4d0c-8971-2ac904541a7e

Guest Configuration

4.1.0

2x
4.1.0, 4.0.0

Fixed
modify

Contributor

true

Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity

497dff13-db2a-4c0f-8603-28fa3b331ab6

Guest Configuration

4.1.0

2x
4.1.0, 4.0.0

Fixed
modify

Contributor

true

Role

Role Id

#Policies

Policies

Network Contributor

4d97b98b-1d4f-4787-a291-c67834d212e7

Deploy network watcher when virtual networks are created

Virtual Machine Contributor

9980e02c-c2be-4d73-94e8-173b1dc7cf3c

Deploy default Microsoft IaaSAntimalware extension for Windows Server

Contributor

b24988ac-6180-42a0-ab88-20f7382dd24c

Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities, Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity, Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs, Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs

Storage Account Contributor

17d1049b-9a84-46fb-8f53-869881c3d3ab

Deploy Diagnostic Settings for Network Security Groups

Monitoring Contributor

749f88d5-cbae-40b8-bcfc-e573ddc772fa

Deploy Diagnostic Settings for Network Security Groups

Date/Time (UTC ymd) (i)

Changes

2025-05-09 17:29:42

Version change: '14.9.0' to '14.10.0'
remove Policy [Deprecated]: Virtual machines should have the Log Analytics extension installed (a70ca396-0a34-413a-88e1-b956c1e683be)

2025-03-12 18:29:00

Version change: '14.8.0' to '14.9.0'
remove Policy [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated (e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15)

2025-01-28 19:35:17

Version change: '14.7.0' to '14.8.0'
remove Policy [Deprecated]: Accounts with owner permissions on Azure resources should be MFA enabled (e3e008c3-56b9-4133-8fd7-d3347377402a)
remove Policy [Deprecated]: Accounts with read permissions on Azure resources should be MFA enabled (81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4)
remove Policy [Deprecated]: Accounts with write permissions on Azure resources should be MFA enabled (931e118d-50a1-4457-a5e4-78550e086c52)

2024-10-15 17:53:51

Version change: '14.6.0' to '14.7.0'
remove Policy [Deprecated]: System updates on virtual machine scale sets should be installed (c3f317a7-a95c-4547-b7e7-11017ebdf2fe)
remove Policy [Deprecated]: System updates should be installed on your machines (86b3d65f-7626-441e-b690-81a8b71cff60)

2024-09-05 17:48:45

Version change: '14.5.0' to '14.6.0'
remove Policy [Deprecated]: Auto provisioning of the Log Analytics agent should be enabled on your subscription (475aae12-b88a-4572-8b36-9b712b2b3a17)
remove Policy [Deprecated]: Adaptive application controls for defining safe applications should be enabled on your machines (47a6b606-51aa-4496-8bb7-64b11cf66adc)
remove Policy [Deprecated]: Adaptive network hardening recommendations should be applied on internet facing virtual machines (08e6af2d-db70-460a-bfe9-d5bd474ba9d6)
remove Policy [Deprecated]: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated (3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4)
remove Policy [Deprecated]: Vulnerabilities in container security configurations should be remediated (e8cbc669-f12d-49eb-93e7-9273119e9933)

2024-08-29 17:47:54

Version change: '14.4.0' to '14.5.0'
remove Policy [Deprecated]: Endpoint protection solution should be installed on virtual machine scale sets (26a828e1-e88f-464e-bbb3-c134a282b9de)
remove Policy [Deprecated]: Monitor missing Endpoint Protection in Azure Security Center (af6cd1bd-1635-48cb-bde7-5b15693900b9)

2024-06-06 18:16:34

Version change: '14.3.0' to '14.4.0'
remove Policy [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources (0961003e-5a0a-4549-abde-af6a37f2724d)

2023-12-12 19:47:53

add Policy App Service apps should have Client Certificates (Incoming client certificates) enabled (19dd1db6-f442-49cf-a838-b0786b4401ef)
Version change: '14.2.0' to '14.3.0'
remove Policy [Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled (5bb220d9-2698-4ee4-8404-b9c30c9df609)

2023-05-04 17:45:12

2023-02-21 18:41:21

Version change: '14.0.0' to '14.1.0'
remove Policy [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled (7c1b1214-f927-48bf-8882-84f0af6588b1)

2022-09-27 16:35:21

2022-09-21 16:34:39

Description change: 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-init.' to 'Health Information Trust Alliance (HITRUST) helps organizations from all sectors-but especially healthcare-effectively manage data, information risk, and compliance. HITRUST certification means that the organization has undergone a thorough assessment of the information security program. These policies address a subset of HITRUST controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/hipaa-hitrust-9-2'

2022-07-07 16:32:14

Version change: '12.0.0' to '13.0.0'
remove Policy [Deprecated]: Latest TLS version should be used in your API App (8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e)
remove Policy [Deprecated]: Remote debugging should be turned off for API Apps (e9c8d085-d9cc-4b17-9cdc-059f1f01f19e)
remove Policy [Deprecated]: CORS should not allow every resource to access your API App (358c20a6-3f9e-4f0e-97ff-c6ce485e2aac)

2022-06-10 16:31:22

Version change: '10.1.1' to '12.0.0'
remove Policy [Deprecated]: API App should only be accessible over HTTPS (b7ddfbdc-1260-477d-91fd-98bd9be789a6)

2022-04-07 17:18:35

Version change: '10.1.0' to '10.1.1'

2022-04-01 20:29:13

Description change: 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.' to 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-init.'

2022-01-27 17:51:51

remove Policy [Deprecated]: Custom subscription owner roles should not exist (10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9)

2022-01-26 17:48:30

Description change: 'This initiative includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.' to 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.'

2022-01-13 19:18:29

add Policy App Service apps should have resource logs enabled (91a78b24-f231-4a8a-8da9-02c35b2b6510)
remove Policy [Deprecated]: Unattached disks should be encrypted (2c89a2e5-7285-40fe-afe0-ae8654b92fb2)
remove Policy [Deprecated]: Diagnostic logs in App Services should be enabled (b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0)

2021-12-08 16:24:23

add Policy SQL managed instances should use customer-managed keys to encrypt data at rest (ac01ad65-10e5-46df-bdd9-6b0cad13e1d2)
add Policy SQL servers should use customer-managed keys to encrypt data at rest (0a370ff3-6cab-4e85-8995-295fd854c5b8)
remove Policy [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest (0d134df8-db83-46fb-ad72-fe0c9428c8dd)
remove Policy [Deprecated]: SQL managed instances should use customer-managed keys to encrypt data at rest (048248b0-55cd-46da-b1ff-39efd52db260)

2021-06-22 14:29:04

remove Policy [Deprecated]: Service Bus should use a virtual network service endpoint (235359c5-7c52-4b82-9055-01c75cf9f60e)

2021-02-17 14:28:42

add Policy Resource logs in Azure Key Vault Managed HSM should be enabled (a2a5b911-5617-447e-a49e-59dbe0e0434b)
add Policy Azure Key Vault Managed HSM should have purge protection enabled (c39ba22d-4428-4149-b981-70acb31fc383)

2021-01-22 09:14:56

remove Policy [Deprecated]: Vulnerabilities should be remediated by a Vulnerability Assessment solution (760a85ff-6162-42b3-8d70-698e268f648c)

2020-09-09 11:24:08

2020-08-21 13:50:30

2020-06-23 16:03:23

2020-06-22 16:06:26

Description change: 'This initiative includes audit and VM extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.'

2020-06-16 14:55:25

Description change: 'This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. https://aka.ms/hipaa-blueprint' to 'This initiative includes audit and VM extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint.'
Name change: 'Audit HITRUST/HIPAA controls and deploy specific VM Extensions to support audit requirements' to 'HITRUST/HIPAA'

{

displayName: "HITRUST/HIPAA",
policyType: "BuiltIn",
description: "Health Information Trust Alliance (HITRUST) helps organizations from all sectors-but especially healthcare-effectively manage data, information risk, and compliance. HITRUST certification means that the organization has undergone a thorough assessment of the information security program. These policies address a subset of HITRUST controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/hipaa-hitrust-9-2",
metadata: {2 items
- version: "14.10.0",
- category: "Regulatory Compliance"
},
version: "14.10.0",
parameters: {98 items
- IncludeArcMachines: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Include Arc connected servers for Guest Configuration policies",
    - description: "Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- installedApplicationsOnWindowsVM: {2 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Application names (supports wildcards)",
    - description: "A semicolon-separated list of the names of the applications that should be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')"
    }
  },
- DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix: {2 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Storage Account Prefix for Regional Storage Account to deploy diagnostic settings for Network Security Groups",
    - description: "This prefix will be combined with the network security group location to form the created storage account name."
    }
  },
- DeployDiagnosticSettingsforNetworkSecurityGroupsrgName: {2 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Resource Group Name for Storage Account (must exist) to deploy diagnostic settings for Network Security Groups",
    - description: "The resource group that the storage account will be created in. This resource group must already exist.",
    - strongType: "ExistingResourceGroups"
    }
  },
- CertificateThumbprints: {2 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Certificate thumbprints",
    - description: "A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\LocalMachine\Root). e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"
    }
  },
- membersToExclude: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "List of users excluded from Windows VM Administrators group",
    - description: "A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"
    },
  - defaultValue: ""
  },
- workspaceId: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "List of workspace IDs where Log Analytics agents should connect",
    - description: "A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to"
    },
  - defaultValue: ""
  },
- listOfResourceTypes: {4 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "List of resource types that should have resource logs enabled",
    - description: "Audit diagnostic setting for selected resource types"
    },
  - allowedValues: [46 items
    - "Microsoft.AnalysisServices/servers",
    - "Microsoft.ApiManagement/service",
    - "Microsoft.Network/applicationGateways",
    - "Microsoft.Automation/automationAccounts",
    - "Microsoft.ContainerInstance/containerGroups",
    - "Microsoft.ContainerRegistry/registries",
    - "Microsoft.ContainerService/managedClusters",
    - "Microsoft.Batch/batchAccounts",
    - "Microsoft.Cdn/profiles/endpoints",
    - "Microsoft.CognitiveServices/accounts",
    - "Microsoft.DocumentDB/databaseAccounts",
    - "Microsoft.DataFactory/factories",
    - "Microsoft.DataLakeAnalytics/accounts",
    - "Microsoft.DataLakeStore/accounts",
    - "Microsoft.EventGrid/eventSubscriptions",
    - "Microsoft.EventGrid/topics",
    - "Microsoft.EventHub/namespaces",
    - "Microsoft.Network/expressRouteCircuits",
    - "Microsoft.Network/azureFirewalls",
    - "Microsoft.HDInsight/clusters",
    - "Microsoft.Devices/IotHubs",
    - "Microsoft.KeyVault/vaults",
    - "Microsoft.Network/loadBalancers",
    - "Microsoft.Logic/integrationAccounts",
    - "Microsoft.Logic/workflows",
    - "Microsoft.DBforMySQL/servers",
    - "Microsoft.Network/networkInterfaces",
    - "Microsoft.Network/networkSecurityGroups",
    - "Microsoft.DBforPostgreSQL/servers",
    - "Microsoft.PowerBIDedicated/capacities",
    - "Microsoft.Network/publicIPAddresses",
    - "Microsoft.RecoveryServices/vaults",
    - "Microsoft.Cache/redis",
    - "Microsoft.Relay/namespaces",
    - "Microsoft.Search/searchServices",
    - "Microsoft.ServiceBus/namespaces",
    - "Microsoft.SignalRService/SignalR",
    - "Microsoft.Sql/servers/databases",
    - "Microsoft.Sql/servers/elasticPools",
    - "Microsoft.StreamAnalytics/streamingjobs",
    - "Microsoft.TimeSeriesInsights/environments",
    - "Microsoft.Network/trafficManagerProfiles",
    - "Microsoft.Compute/virtualMachines",
    - "Microsoft.Compute/virtualMachineScaleSets",
    - "Microsoft.Network/virtualNetworks",
    - "Microsoft.Network/virtualNetworkGateways"
    ],
  - defaultValue: [46 items
    - "Microsoft.AnalysisServices/servers",
    - "Microsoft.ApiManagement/service",
    - "Microsoft.Network/applicationGateways",
    - "Microsoft.Automation/automationAccounts",
    - "Microsoft.ContainerInstance/containerGroups",
    - "Microsoft.ContainerRegistry/registries",
    - "Microsoft.ContainerService/managedClusters",
    - "Microsoft.Batch/batchAccounts",
    - "Microsoft.Cdn/profiles/endpoints",
    - "Microsoft.CognitiveServices/accounts",
    - "Microsoft.DocumentDB/databaseAccounts",
    - "Microsoft.DataFactory/factories",
    - "Microsoft.DataLakeAnalytics/accounts",
    - "Microsoft.DataLakeStore/accounts",
    - "Microsoft.EventGrid/eventSubscriptions",
    - "Microsoft.EventGrid/topics",
    - "Microsoft.EventHub/namespaces",
    - "Microsoft.Network/expressRouteCircuits",
    - "Microsoft.Network/azureFirewalls",
    - "Microsoft.HDInsight/clusters",
    - "Microsoft.Devices/IotHubs",
    - "Microsoft.KeyVault/vaults",
    - "Microsoft.Network/loadBalancers",
    - "Microsoft.Logic/integrationAccounts",
    - "Microsoft.Logic/workflows",
    - "Microsoft.DBforMySQL/servers",
    - "Microsoft.Network/networkInterfaces",
    - "Microsoft.Network/networkSecurityGroups",
    - "Microsoft.DBforPostgreSQL/servers",
    - "Microsoft.PowerBIDedicated/capacities",
    - "Microsoft.Network/publicIPAddresses",
    - "Microsoft.RecoveryServices/vaults",
    - "Microsoft.Cache/redis",
    - "Microsoft.Relay/namespaces",
    - "Microsoft.Search/searchServices",
    - "Microsoft.ServiceBus/namespaces",
    - "Microsoft.SignalRService/SignalR",
    - "Microsoft.Sql/servers/databases",
    - "Microsoft.Sql/servers/elasticPools",
    - "Microsoft.StreamAnalytics/streamingjobs",
    - "Microsoft.TimeSeriesInsights/environments",
    - "Microsoft.Network/trafficManagerProfiles",
    - "Microsoft.Compute/virtualMachines",
    - "Microsoft.Compute/virtualMachineScaleSets",
    - "Microsoft.Network/virtualNetworks",
    - "Microsoft.Network/virtualNetworkGateways"
    ]
  },
- logsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9: {4 items
  - type: "Boolean",
  - metadata: {1 item
    - displayName: "Include logs when auditing diagnostic logging settings."
    },
  - allowedValues: [2 items
    - true,
    - false
    ],
  - defaultValue: true
  },
- metricsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9: {4 items
  - type: "Boolean",
  - metadata: {1 item
    - displayName: "Include metrics when auditing diagnostic logging settings."
    },
  - allowedValues: [2 items
    - true,
    - false
    ],
  - defaultValue: true
  },
- membersToInclude: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "List of users that must be included in Windows VM Administrators group",
    - description: "A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2"
    },
  - defaultValue: ""
  },
- listOfLocations: {3 items
  - type: "Array",
  - metadata: {4 items
    - displayName: "[Deprecated]: List of regions where Network Watcher should be enabled",
    - description: "To see a complete list of regions use Get-AzLocation",
    - strongType: "location",
    - deprecated: true
    },
  - defaultValue: []
  },
- NetworkWatcherResourceGroupName: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "NetworkWatcher resource group name",
    - description: "Name of the resource group of NetworkWatcher, such as NetworkWatcherRG"
    },
  - defaultValue: "NetworkWatcherRG"
  },
- members: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "List of users that Windows VM Administrators group must *only* include",
    - description: "A semicolon-separated list of all the expected members of the Administrators local group. Ex: Administrator; myUser1; myUser2"
    },
  - defaultValue: ""
  },
- operationName: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Operation Name",
    - description: "Administrative Operation name for which activity log alert should be configured"
    },
  - allowedValues: [10 items
    - "Microsoft.Sql/servers/firewallRules/write",
    - "Microsoft.Sql/servers/firewallRules/delete",
    - "Microsoft.Network/networkSecurityGroups/write",
    - "Microsoft.Network/networkSecurityGroups/delete",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/write",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/delete",
    - "Microsoft.Network/networkSecurityGroups/securityRules/write",
    - "Microsoft.Network/networkSecurityGroups/securityRules/delete",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"
    ],
  - defaultValue: "Microsoft.Sql/servers/firewallRules/write"
  },
- virtualNetworkId: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Virtual network where VMs should be connected",
    - description: "Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"
    },
  - defaultValue: ""
  },
- diagnosticsLogsInBatchAccountMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Resource logs in Batch accounts should be enabled",
    - description: "Enable or disable the monitoring of resource logs in Batch accounts"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- diagnosticsLogsInBatchAccountRetentionDays: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (in days) for logs in Batch accounts",
    - description: "The required resource logs retention period in days"
    },
  - defaultValue: "365"
  },
- ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: SQL Managed Instance TDE protector should be encrypted with your own key",
    - description: "Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyWithDenyMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "SQL Managed Instance TDE protector should be encrypted with your own key",
    - description: "Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties."
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- diskEncryptionMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources",
    - description: "Enable or disable the monitoring for VM disk encryption",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- diagnosticsLogsInSearchServiceMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Resource logs in Search services should be enabled",
    - description: "Enable or disable the monitoring of resource logs in Azure Search service"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- diagnosticsLogsInSearchServiceRetentionDays: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (in days) of logs in Azure Search service",
    - description: "The required resource logs retention period in days"
    },
  - defaultValue: "365"
  },
- vulnerabilityAssessmentOnManagedInstanceMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Vulnerability assessment should be enabled on SQL Managed Instance",
    - description: "Audit each SQL Managed Instance which doesn't have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities."
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- vulnerabilityAssesmentMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Vulnerabilities should be remediated by a Vulnerability Assessment solution",
    - description: "Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- EnableInsecureGuestLogons: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Enable insecure guest logons",
    - description: "Specifies whether the SMB client will allow insecure guest logons to an SMB server."
    },
  - defaultValue: "0"
  },
- AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Allow simultaneous connections to the Internet or a Windows Domain",
    - description: "Specify whether to prevent computers from connecting to both a domain based network and a non-domain based network at the same time. A value of 0 allows simultaneous connections, and a value of 1 blocks them."
    },
  - defaultValue: "1"
  },
- TurnOffMulticastNameResolution: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Turn off multicast name resolution",
    - description: "Specifies whether LLMNR, a secondary name resolution protocol that transmits using multicast over a local subnet link on a single subnet, is enabled."
    },
  - defaultValue: "1"
  },
- nextGenerationFirewallMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Access through Internet facing endpoint should be restricted",
    - description: "Enable or disable overly permissive inbound NSG rules monitoring"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: SQL server TDE protector should be encrypted with your own key",
    - description: "Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- ensureServerTDEIsEncryptedWithYourOwnKeyWithDenyMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "SQL server TDE protector should be encrypted with your own key",
    - description: "Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties."
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- apiAppDisableRemoteDebuggingMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Remote debugging should be turned off for API App",
    - description: "Enable or disable the monitoring of remote debugging for API App",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- classicComputeVMsMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Virtual machines should be migrated to new Azure Resource Manager resources",
    - description: "Enable or disable the monitoring of classic compute VMs"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- disableUnrestrictedNetworkToStorageAccountMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Audit unrestricted network access to storage accounts",
    - description: "Enable or disable the monitoring of network access to storage account"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- adaptiveApplicationControlsMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Adaptive Application Controls should be enabled on virtual machines",
    - description: "Enable or disable the monitoring of defining safe applications in Azure Security Center",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- NetworkAccessRemotelyAccessibleRegistryPaths: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network access: Remotely accessible registry paths",
    - description: "Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
    },
  - defaultValue: "System\CurrentControlSet\Control\ProductOptions|#|System\CurrentControlSet\Control\Server Applications|#|Software\Microsoft\Windows NT\CurrentVersion"
  },
- NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network access: Remotely accessible registry paths and sub-paths",
    - description: "Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
    },
  - defaultValue: "System\CurrentControlSet\Control\Print\Printers|#|System\CurrentControlSet\Services\Eventlog|#|Software\Microsoft\OLAP Server|#|Software\Microsoft\Windows NT\CurrentVersion\Print|#|Software\Microsoft\Windows NT\CurrentVersion\Windows|#|System\CurrentControlSet\Control\ContentIndex|#|System\CurrentControlSet\Control\Terminal Server|#|System\CurrentControlSet\Control\Terminal Server\UserConfig|#|System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration|#|Software\Microsoft\Windows NT\CurrentVersion\Perflib|#|System\CurrentControlSet\Services\SysmonLog"
  },
- NetworkAccessSharesThatCanBeAccessedAnonymously: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network access: Shares that can be accessed anonymously",
    - description: "Specifies which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server."
    },
  - defaultValue: "0"
  },
- webAppDisableRemoteDebuggingMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Remote debugging should be turned off for Web Application",
    - description: "Enable or disable the monitoring of remote debugging for Web App"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- apiAppEnforceHttpsMonitoringEffectV2: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: API App should only be accessible over HTTPS V2",
    - description: "Enable or disable the monitoring of the use of HTTPS in API App V2",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- identityEnableMFAForWritePermissionsMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: MFA should be enabled accounts with write permissions on your subscription",
    - description: "Enable or disable the monitoring of MFA for accounts with write permissions in subscription",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- jitNetworkAccessMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Just-In-Time network access control should be applied on virtual machines",
    - description: "Enable or disable the monitoring of network just In time access"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- identityEnableMFAForOwnerPermissionsMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: MFA should be enabled on accounts with owner permissions on your subscription",
    - description: "Enable or disable the monitoring of MFA for accounts with owner permissions in subscription",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- kubernetesServiceRbacEnabledMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Role-Based Access Control (RBAC) should be used on Kubernetes Services",
    - description: "Enable or disable the monitoring of Kubernetes Services without RBAC enabled"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- restrictAccessToManagementPortsMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Management ports should be closed on your virtual machines",
    - description: "Enable or disable the monitoring of open management ports on Virtual Machines"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- vmssOsVulnerabilitiesMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated",
    - description: "Enable or disable virtual machine scale sets OS vulnerabilities monitoring",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- diagnosticsLogsInEventHubMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Resource logs in Event Hub should be enabled",
    - description: "Enable or disable the monitoring of resource logs in Event Hub accounts"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- diagnosticsLogsInEventHubRetentionDays: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (in days) of logs in Event Hub accounts",
    - description: "The required resource logs retention period in days"
    },
  - defaultValue: "365"
  },
- vmssSystemUpdatesMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: System updates on virtual machine scale sets should be installed",
    - description: "Enable or disable virtual machine scale sets reporting of system updates",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- diagnosticsLogsInServiceFabricMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled",
    - description: "Enable or disable the monitoring of resource logs in Service Fabric",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- systemUpdatesMonitoringEffect: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: System updates should be installed on your machines",
    - description: "Enable or disable reporting of system updates",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Accounts: Guest account status",
    - description: "Specifies whether the local Guest account is disabled."
    },
  - defaultValue: "0"
  },
- RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Recovery console: Allow floppy copy and access to all drives and all folders",
    - description: "Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables."
    },
  - defaultValue: "0"
  },
- AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Audit: Shut down system immediately if unable to log security audits",
    - description: "Audits if the system will shut down when unable to log Security events."
    },
  - defaultValue: "0"
  },
- DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Audit Process Termination",
    - description: "Specifies whether audit events are generated when a process has exited. Recommended for monitoring termination of critical processes."
    },
  - allowedValues: [4 items
    - "No Auditing",
    - "Success",
    - "Failure",
    - "Success and Failure"
    ],
  - defaultValue: "No Auditing"
  },
- WindowsFirewallDomainUseProfileSettings: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Use profile settings",
    - description: "Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallDomainBehaviorForOutboundConnections: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Behavior for outbound connections",
    - description: "Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
    },
  - defaultValue: "0"
  },
- WindowsFirewallDomainApplyLocalConnectionSecurityRules: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Apply local connection security rules",
    - description: "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallDomainApplyLocalFirewallRules: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Apply local firewall rules",
    - description: "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallDomainDisplayNotifications: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Display notifications",
    - description: "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPrivateUseProfileSettings: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Use profile settings",
    - description: "Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPrivateBehaviorForOutboundConnections: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Behavior for outbound connections",
    - description: "Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
    },
  - defaultValue: "0"
  },
- WindowsFirewallPrivateApplyLocalConnectionSecurityRules: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Apply local connection security rules",
    - description: "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPrivateApplyLocalFirewallRules: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Apply local firewall rules",
    - description: "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPrivateDisplayNotifications: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Display notifications",
    - description: "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPublicUseProfileSettings: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Use profile settings",
    - description: "Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPublicBehaviorForOutboundConnections: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Behavior for outbound connections",
    - description: "Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
    },
  - defaultValue: "0"
  },
- WindowsFirewallPublicApplyLocalConnectionSecurityRules: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Apply local connection security rules",
    - description: "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPublicApplyLocalFirewallRules: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Apply local firewall rules",
    - description: "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPublicDisplayNotifications: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Display notifications",
    - description: "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallDomainAllowUnicastResponse: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall: Domain: Allow unicast response",
    - description: "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile."
    },
  - defaultValue: "0"
  },
- WindowsFirewallPrivateAllowUnicastResponse: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall: Private: Allow unicast response",
    - description: "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile."
    },
  - defaultValue: "0"
  },
- WindowsFirewallPublicAllowUnicastResponse: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall: Public: Allow unicast response",
    - description: "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile."
    },
  - defaultValue: "1"
  },
- requiredRetentionDays: {3 items
  - type: "String",
  - metadata: {1 item
    - displayName: "Required retention period (days) for resource logs"
    },
  - defaultValue: "365"
  },
- diagnosticsLogsInRedisCacheMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: [Only secure connections to your Redis Cache should be enabled]",
    - description: "Azure Policy effect for this policy; for more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- secureTransferToStorageAccountMonitoringEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: [Secure transfer to storage accounts should be enabled]",
    - description: "Azure Policy effect for this policy; for more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- usersOrGroupsThatMayAccessThisComputerFromTheNetwork: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may access this computer from the network",
    - description: "Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection."
    },
  - defaultValue: "Administrators, Authenticated Users"
  },
- usersOrGroupsThatMayLogOnLocally: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may log on locally",
    - description: "Specifies which users or groups can interactively log on to the computer. Users who attempt to log on via Remote Desktop Connection or IIS also require this user right."
    },
  - defaultValue: "Administrators"
  },
- usersOrGroupsThatMayLogOnThroughRemoteDesktopServices: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may log on through Remote Desktop Services",
    - description: "Specifies which users or groups are permitted to log on as a Terminal Services client, Remote Desktop, or for Remote Assistance."
    },
  - defaultValue: "Administrators, Remote Desktop Users"
  },
- usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied access from the network",
    - description: "Specifies which users or groups are explicitly prohibited from connecting across the network."
    },
  - defaultValue: "Guests"
  },
- usersOrGroupsThatMayManageAuditingAndSecurityLog: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may manage auditing and security log",
    - description: "Specifies users and groups permitted to change the auditing options for files and directories and clear the Security log."
    },
  - defaultValue: "Administrators"
  },
- usersOrGroupsThatMayBackUpFilesAndDirectories: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may back up files and directories",
    - description: "Specifies users and groups allowed to circumvent file and directory permissions to back up the system."
    },
  - defaultValue: "Administrators, Backup Operators"
  },
- usersOrGroupsThatMayChangeTheSystemTime: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may change the system time",
    - description: "Specifies which users and groups are permitted to change the time and date on the internal clock of the computer."
    },
  - defaultValue: "Administrators, LOCAL SERVICE"
  },
- usersOrGroupsThatMayChangeTheTimeZone: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may change the time zone",
    - description: "Specifies which users and groups are permitted to change the time zone of the computer."
    },
  - defaultValue: "Administrators, LOCAL SERVICE"
  },
- usersOrGroupsThatMayCreateATokenObject: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may create a token object",
    - description: "Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data."
    },
  - defaultValue: "No One"
  },
- usersAndGroupsThatAreDeniedLoggingOnAsABatchJob: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied logging on as a batch job",
    - description: "Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. scheduled task)."
    },
  - defaultValue: "Guests"
  },
- usersAndGroupsThatAreDeniedLoggingOnAsAService: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied logging on as a service",
    - description: "Specifies which service accounts are explicitly not permitted to register a process as a service."
    },
  - defaultValue: "Guests"
  },
- usersAndGroupsThatAreDeniedLocalLogon: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied local logon",
    - description: "Specifies which users and groups are explicitly not permitted to log on to the computer."
    },
  - defaultValue: "Guests"
  },
- usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied log on through Remote Desktop Services",
    - description: "Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client."
    },
  - defaultValue: "Guests"
  },
- userAndGroupsThatMayForceShutdownFromARemoteSystem: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "User and groups that may force shutdown from a remote system",
    - description: "Specifies which users and groups are permitted to shut down the computer from a remote location on the network."
    },
  - defaultValue: "Administrators"
  },
- usersAndGroupsThatMayRestoreFilesAndDirectories: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that may restore files and directories",
    - description: "Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories."
    },
  - defaultValue: "Administrators, Backup Operators"
  },
- usersAndGroupsThatMayShutDownTheSystem: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that may shut down the system",
    - description: "Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command."
    },
  - defaultValue: "Administrators"
  },
- usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may take ownership of files or other objects",
    - description: "Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user."
    },
  - defaultValue: "Administrators"
  },
- virtualMachinesShouldBeConnectedToAnApprovedVirtualNetworkEffect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: [Virtual machines should be connected to an approved virtual network]",
    - description: "Azure Policy effect for this policy; for more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- uacAdminApprovalModeForTheBuiltinAdministratorAccount: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "UAC: Admin Approval Mode for the Built-in Administrator account",
    - description: "Specifies the behavior of Admin Approval Mode for the built-in Administrator account."
    },
  - defaultValue: "1"
  },
- uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "UAC: Behavior of the elevation prompt for administrators in Admin Approval Mode",
    - description: "Specifies the behavior of the elevation prompt for administrators."
    },
  - defaultValue: "2"
  },
- uacDetectApplicationInstallationsAndPromptForElevation: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "UAC: Detect application installations and prompt for elevation",
    - description: "Specifies the behavior of application installation detection for the computer."
    },
  - defaultValue: "1"
  },
- uacRunAllAdministratorsInAdminApprovalMode: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "UAC: Run all administrators in Admin Approval Mode",
    - description: "Specifies the behavior of all User Account Control (UAC) policy settings for the computer."
    },
  - defaultValue: "1"
  }
},
policyDefinitions: [595 items
- {5 items
  - policyDefinitionReferenceId: "ced291b8-1d3d-7e27-40cf-829e9dd523c8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0101.00a1Organizational.123-00.a",
    - "hipaa-0102.00a2Organizational.123-00.a",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1790.10a2Organizational.45-10.a",
    - "hipaa-1798.10a3Organizational.2-10.a",
    - "hipaa-1799.10a3Organizational.34-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e7422f08-65b4-50e4-3779-d793156e0079",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0101.00a1Organizational.123-00.a",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1781.10a1Organizational.23-10.a",
    - "hipaa-1789.10a2Organizational.3-10.a",
    - "hipaa-1790.10a2Organizational.45-10.a",
    - "hipaa-1797.10a3Organizational.1-10.a",
    - "hipaa-1798.10a3Organizational.2-10.a",
    - "hipaa-1799.10a3Organizational.34-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "84245967-7882-54f6-2d34-85059f725b47",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/84245967-7882-54f6-2d34-85059f725b47 Establish an information security program ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0101.00a1Organizational.123-00.a",
    - "hipaa-0102.00a2Organizational.123-00.a",
    - "hipaa-0113.04a1Organizational.123-04.a",
    - "hipaa-0114.04b1Organizational.1-04.b",
    - "hipaa-0118.05a1Organizational.2-05.a",
    - "hipaa-12102.09ab1Organizational.4-09.ab",
    - "hipaa-1331.02e3Organizational.4-02.e",
    - "hipaa-1453.05kCSPOrganizational.2-05.k",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1520.11c2Organizational.4-11.c",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1560.11d1Organizational.1-11.d",
    - "hipaa-1562.11d2Organizational.2-11.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5226dee6-3420-711b-4709-8e675ebd828f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5226dee6-3420-711b-4709-8e675ebd828f Update information security policies ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0101.00a1Organizational.123-00.a",
    - "hipaa-0102.00a2Organizational.123-00.a",
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0113.04a1Organizational.123-04.a",
    - "hipaa-0114.04b1Organizational.1-04.b",
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0118.05a1Organizational.2-05.a",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1307.07c1Organizational.124-07.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2e7a98c9-219f-0d58-38dc-d69038224442",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0101.00a1Organizational.123-00.a",
    - "hipaa-0113.04a1Organizational.123-04.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b2ea1058-8998-3dd1-84f1-82132ad482fd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0103.00a3Organizational.1234567-00.a",
    - "hipaa-0118.05a1Organizational.2-05.a",
    - "hipaa-0119.05a1Organizational.3-05.a",
    - "hipaa-0162.04b1Organizational.2-04.b",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-1782.10a1Organizational.4-10.a",
    - "hipaa-1793.10a2Organizational.91011-10.a",
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "afbecd30-37ee-a27b-8e09-6ac49951a0ee",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0103.00a3Organizational.1234567-00.a",
    - "hipaa-0118.05a1Organizational.2-05.a",
    - "hipaa-0119.05a1Organizational.3-05.a",
    - "hipaa-0162.04b1Organizational.2-04.b",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-1782.10a1Organizational.4-10.a",
    - "hipaa-1793.10a2Organizational.91011-10.a",
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "df2e9507-169b-4114-3a52-877561ee3198",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0103.00a3Organizational.1234567-00.a",
    - "hipaa-0118.05a1Organizational.2-05.a",
    - "hipaa-0119.05a1Organizational.3-05.a",
    - "hipaa-0162.04b1Organizational.2-04.b",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-1782.10a1Organizational.4-10.a",
    - "hipaa-1793.10a2Organizational.91011-10.a",
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2b05dca2-25ec-9335-495c-29155f785082",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0108.02d1Organizational.23-02.d",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0122.05a2Organizational.3-05.a",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1304.02e3Organizational.1-02.e",
    - "hipaa-1309.01x1System.36-01.x",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1315.02e2Organizational.67-02.e",
    - "hipaa-1336.02e1Organizational.5-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4c385143-09fd-3a34-790c-a5fd9ec77ddc",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0122.05a2Organizational.3-05.a",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1304.02e3Organizational.1-02.e",
    - "hipaa-1309.01x1System.36-01.x",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1315.02e2Organizational.67-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9ac8621d-9acd-55bf-9f99-ee4212cc3d85",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0108.02d1Organizational.23-02.d",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0122.05a2Organizational.3-05.a",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1304.02e3Organizational.1-02.e",
    - "hipaa-1309.01x1System.36-01.x",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1313.02e1Organizational.3-02.e",
    - "hipaa-1315.02e2Organizational.67-02.e",
    - "hipaa-1324.07c1Organizational.3-07.c",
    - "hipaa-1336.02e1Organizational.5-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "42116f15-5665-a52a-87bb-b40e64c74b6c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0112.02d2Organizational.3-02.d",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1128.01q2System.5-01.q",
    - "hipaa-1137.06e1Organizational.1-06.e",
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1303.02e2Organizational.2-02.e",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1307.07c1Organizational.124-07.c",
    - "hipaa-1308.09j1Organizational.5-09.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "509552f5-6528-3540-7959-fbeae4832533",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0112.02d2Organizational.3-02.d",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1128.01q2System.5-01.q",
    - "hipaa-1137.06e1Organizational.1-06.e",
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1303.02e2Organizational.2-02.e",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1307.07c1Organizational.124-07.c",
    - "hipaa-1308.09j1Organizational.5-09.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d02498e0-8a6f-6b02-8332-19adf6711d1e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1137.06e1Organizational.1-06.e",
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1303.02e2Organizational.2-02.e",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1307.07c1Organizational.124-07.c",
    - "hipaa-1308.09j1Organizational.5-09.j",
    - "hipaa-1324.07c1Organizational.3-07.c",
    - "hipaa-1325.09s1Organizational.3-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "271a3e58-1b38-933d-74c9-a580006b80aa",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1137.06e1Organizational.1-06.e",
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1303.02e2Organizational.2-02.e",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1307.07c1Organizational.124-07.c",
    - "hipaa-1308.09j1Organizational.5-09.j",
    - "hipaa-1324.07c1Organizational.3-07.c",
    - "hipaa-1325.09s1Organizational.3-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5fe84a4c-1b0c-a738-2aba-ed49c9069d3b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1137.06e1Organizational.1-06.e",
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1303.02e2Organizational.2-02.e",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1307.07c1Organizational.124-07.c",
    - "hipaa-1308.09j1Organizational.5-09.j",
    - "hipaa-1324.07c1Organizational.3-07.c",
    - "hipaa-1325.09s1Organizational.3-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6c0a312f-04c5-5c97-36a5-e56763a02b6b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1137.06e1Organizational.1-06.e",
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1303.02e2Organizational.2-02.e",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1307.07c1Organizational.124-07.c",
    - "hipaa-1308.09j1Organizational.5-09.j",
    - "hipaa-1324.07c1Organizational.3-07.c",
    - "hipaa-1325.09s1Organizational.3-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6610f662-37e9-2f71-65be-502bdc2f554d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1137.06e1Organizational.1-06.e",
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1303.02e2Organizational.2-02.e",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1307.07c1Organizational.124-07.c",
    - "hipaa-1308.09j1Organizational.5-09.j",
    - "hipaa-1324.07c1Organizational.3-07.c",
    - "hipaa-1325.09s1Organizational.3-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7ad83b58-2042-085d-08f0-13e946f26f89",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1137.06e1Organizational.1-06.e",
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1303.02e2Organizational.2-02.e",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1307.07c1Organizational.124-07.c",
    - "hipaa-1308.09j1Organizational.5-09.j",
    - "hipaa-1324.07c1Organizational.3-07.c",
    - "hipaa-1325.09s1Organizational.3-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ef5a7059-6651-73b1-18b3-75b1b79c1565",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0122.05a2Organizational.3-05.a",
    - "hipaa-0702.07a1Organizational.3-07.a",
    - "hipaa-0705.07a3Organizational.3-07.a",
    - "hipaa-0706.10b1System.12-10.b",
    - "hipaa-1780.10a1Organizational.1-10.a",
    - "hipaa-1781.10a1Organizational.23-10.a",
    - "hipaa-1786.10a1Organizational.9-10.a",
    - "hipaa-1787.10a2Organizational.1-10.a",
    - "hipaa-1789.10a2Organizational.3-10.a",
    - "hipaa-1790.10a2Organizational.45-10.a",
    - "hipaa-1792.10a2Organizational.7814-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0dcbaf2f-075e-947b-8f4c-74ecc5cd302c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0104.02a1Organizational.12-02.a",
    - "hipaa-0122.05a2Organizational.3-05.a",
    - "hipaa-0705.07a3Organizational.3-07.a",
    - "hipaa-0706.10b1System.12-10.b",
    - "hipaa-1786.10a1Organizational.9-10.a",
    - "hipaa-1789.10a2Organizational.3-10.a",
    - "hipaa-1792.10a2Organizational.7814-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b7897ddc-9716-2460-96f7-7757ad038cc4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0105.02a2Organizational.1-02.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c42f19c9-5d88-92da-0742-371a0ea03126",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0105.02a2Organizational.1-02.a",
    - "hipaa-0106.02a2Organizational.23-02.a",
    - "hipaa-1432.05k1Organizational.89-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e0c480bf-0d68-a42d-4cbb-b60f851f8716",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0105.02a2Organizational.1-02.a",
    - "hipaa-0106.02a2Organizational.23-02.a",
    - "hipaa-1432.05k1Organizational.89-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c6aeb800-0b19-944d-92dc-59b893722329",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0105.02a2Organizational.1-02.a",
    - "hipaa-0106.02a2Organizational.23-02.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a315c657-4a00-8eba-15ac-44692ad24423",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a315c657-4a00-8eba-15ac-44692ad24423 Protect special information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0105.02a2Organizational.1-02.a",
    - "hipaa-0106.02a2Organizational.23-02.a",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1132.01v2System.3-01.v",
    - "hipaa-1134.01v3System.1-01.v",
    - "hipaa-1903.06d1Organizational.3456711-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f8ded0c6-a668-9371-6bb6-661d58787198",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0105.02a2Organizational.1-02.a",
    - "hipaa-0111.02d2Organizational.2-02.d",
    - "hipaa-1407.05k2Organizational.1-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1431.05k1Organizational.7-05.k",
    - "hipaa-1432.05k1Organizational.89-05.k",
    - "hipaa-1455.05kCSPOrganizational.4-05.k",
    - "hipaa-1801.08b1Organizational.124-08.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b544f797-a73b-1be3-6d01-6b1a085376bc",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0107.02d1Organizational.1-02.d",
    - "hipaa-0110.02d2Organizational.1-02.d",
    - "hipaa-0118.05a1Organizational.2-05.a",
    - "hipaa-0135.02f1Organizational.56-02.f",
    - "hipaa-1525.11a1Organizational.6-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "524e7136-9f6a-75ba-9089-501018151346",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0108.02d1Organizational.23-02.d",
    - "hipaa-0124.05a3Organizational.1-05.a",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1305.02e3Organizational.23-02.e",
    - "hipaa-1314.02e2Organizational.5-02.e",
    - "hipaa-1324.07c1Organizational.3-07.c",
    - "hipaa-1327.02e2Organizational.8-02.e",
    - "hipaa-1334.02e2Organizational.12-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "82bd024a-5c99-05d6-96ff-01f539676a1a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0108.02d1Organizational.23-02.d",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1305.02e3Organizational.23-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3153d9c0-2584-14d3-362d-578b01358aeb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3153d9c0-2584-14d3-362d-578b01358aeb Retain training records ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0108.02d1Organizational.23-02.d",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1305.02e3Organizational.23-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "676c3c35-3c36-612c-9523-36d266a65000",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0108.02d1Organizational.23-02.d",
    - "hipaa-1304.02e3Organizational.1-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "21832235-7a07-61f4-530d-d596f76e5b95",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/21832235-7a07-61f4-530d-d596f76e5b95 Implement security testing, training, and monitoring plans ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0108.02d1Organizational.23-02.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c3b3cc61-9c70-5d78-7f12-1aefcc477db7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c3b3cc61-9c70-5d78-7f12-1aefcc477db7 Review security testing, training, and monitoring plans ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0108.02d1Organizational.23-02.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1cb7bf71-841c-4741-438a-67c65fdd7194",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0111.02d2Organizational.2-02.d",
    - "hipaa-0122.05a2Organizational.3-05.a",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1304.02e3Organizational.1-02.e",
    - "hipaa-1308.09j1Organizational.5-09.j",
    - "hipaa-1309.01x1System.36-01.x",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1315.02e2Organizational.67-02.e",
    - "hipaa-1325.09s1Organizational.3-09.s",
    - "hipaa-1327.02e2Organizational.8-02.e",
    - "hipaa-1334.02e2Organizational.12-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d136ae80-54dd-321c-98b4-17acf4af2169",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [14 items
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0111.02d2Organizational.2-02.d",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1308.09j1Organizational.5-09.j",
    - "hipaa-1309.01x1System.36-01.x",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1325.09s1Organizational.3-09.s",
    - "hipaa-1327.02e2Organizational.8-02.e",
    - "hipaa-1334.02e2Organizational.12-02.e",
    - "hipaa-1336.02e1Organizational.5-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "516be556-1353-080d-2c2f-f46f000d5785",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [15 items
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0111.02d2Organizational.2-02.d",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1308.09j1Organizational.5-09.j",
    - "hipaa-1309.01x1System.36-01.x",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1315.02e2Organizational.67-02.e",
    - "hipaa-1325.09s1Organizational.3-09.s",
    - "hipaa-1327.02e2Organizational.8-02.e",
    - "hipaa-1334.02e2Organizational.12-02.e",
    - "hipaa-1336.02e1Organizational.5-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9b8b05ec-3d21-215e-5d98-0f7cf0998202",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0111.02d2Organizational.2-02.d",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1327.02e2Organizational.8-02.e",
    - "hipaa-1336.02e1Organizational.5-02.e",
    - "hipaa-1507.11a1Organizational.4-11.a",
    - "hipaa-1525.11a1Organizational.6-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d041726f-00e0-41ca-368c-b1a122066482",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1336.02e1Organizational.5-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f6794ab8-9a7d-3b24-76ab-265d3646232b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-1301.02e1Organizational.12-02.e",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1336.02e1Organizational.5-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5decc032-95bd-2163-9549-a41aba83228e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0135.02f1Organizational.56-02.f",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1525.11a1Organizational.6-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6228396e-2ace-7ca5-3247-45767dbf52f4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0109.02d1Organizational.4-02.d",
    - "hipaa-0135.02f1Organizational.56-02.f",
    - "hipaa-1306.06e1Organizational.5-06.e",
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1525.11a1Organizational.6-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0110.02d2Organizational.1-02.d",
    - "hipaa-01110.05a1Organizational.5-05.a",
    - "hipaa-01111.05a2Organizational.5-05.a",
    - "hipaa-0117.05a1Organizational.1-05.a",
    - "hipaa-0118.05a1Organizational.2-05.a",
    - "hipaa-0124.05a3Organizational.1-05.a",
    - "hipaa-1901.06d1Organizational.1-06.d",
    - "hipaa-19134.05j1Organizational.5-05.j",
    - "hipaa-19143.06c1Organizational.9-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3881168c-5d38-6f04-61cc-b5d87b2c4c58",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0111.02d2Organizational.2-02.d",
    - "hipaa-01110.05a1Organizational.5-05.a",
    - "hipaa-1407.05k2Organizational.1-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1431.05k1Organizational.7-05.k",
    - "hipaa-1432.05k1Organizational.89-05.k",
    - "hipaa-1452.05kCSPOrganizational.1-05.k",
    - "hipaa-1453.05kCSPOrganizational.2-05.k",
    - "hipaa-1455.05kCSPOrganizational.4-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e8c31e15-642d-600f-78ab-bad47a5787e6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0111.02d2Organizational.2-02.d",
    - "hipaa-01110.05a1Organizational.5-05.a",
    - "hipaa-0135.02f1Organizational.56-02.f",
    - "hipaa-1407.05k2Organizational.1-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1431.05k1Organizational.7-05.k",
    - "hipaa-1432.05k1Organizational.89-05.k",
    - "hipaa-1452.05kCSPOrganizational.1-05.k",
    - "hipaa-1455.05kCSPOrganizational.4-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b320aa42-33b4-53af-87ce-100091d48918",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0111.02d2Organizational.2-02.d",
    - "hipaa-01110.05a1Organizational.5-05.a",
    - "hipaa-1407.05k2Organizational.1-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1431.05k1Organizational.7-05.k",
    - "hipaa-1432.05k1Organizational.89-05.k",
    - "hipaa-1452.05kCSPOrganizational.1-05.k",
    - "hipaa-1455.05kCSPOrganizational.4-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "afd5d60a-48d2-8073-1ec2-6687e22f2ddd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0111.02d2Organizational.2-02.d",
    - "hipaa-1407.05k2Organizational.1-05.k",
    - "hipaa-1431.05k1Organizational.7-05.k",
    - "hipaa-1455.05kCSPOrganizational.4-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "fd81a1b3-2d7a-107c-507e-29b87d040c19",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0112.02d2Organizational.3-02.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7b28ba4f-0a87-46ac-62e1-46b7c09202a8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0112.02d2Organizational.3-02.d",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1108.01b1System.3-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1145.01c2System.1-01.c",
    - "hipaa-1204.09aa1System.3-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "725164e5-3b21-1ec2-7e42-14f077862841",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0112.02d2Organizational.3-02.d",
    - "hipaa-0722.07a1Organizational.67-07.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "77cc89bb-774f-48d7-8a84-fb8c322c3000",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0112.02d2Organizational.3-02.d",
    - "hipaa-0722.07a1Organizational.67-07.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ffdaa742-0d6f-726f-3eac-6e6c34e36c93",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0112.02d2Organizational.3-02.d",
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0226.09k1Organizational.2-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0401.01x1System.124579-01.x"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b1666a13-8f67-9c47-155e-69e027ff6823",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0114.04b1Organizational.1-04.b",
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0894.01m2Organizational.7-01.m",
    - "hipaa-11180.01c3System.6-01.c",
    - "hipaa-1123.01q1System.2-01.q",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1144.01c1System.4-01.c",
    - "hipaa-1146.01c2System.23-01.c",
    - "hipaa-1147.01c2System.456-01.c",
    - "hipaa-1148.01c2System.78-01.c",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1a2a03a4-9992-5788-5953-d8f6615306de",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0114.04b1Organizational.1-04.b",
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-1780.10a1Organizational.1-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "03d550b4-34ee-03f4-515f-f2e2faf7a413",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0114.04b1Organizational.1-04.b",
    - "hipaa-0115.04b2Organizational.123-04.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a28323fe-276d-3787-32d2-cef6395764c4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0114.04b1Organizational.1-04.b",
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-12101.09ab1Organizational.3-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "af227964-5b8b-22a2-9364-06d2cb9d6d7c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0114.04b1Organizational.1-04.b",
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0119.05a1Organizational.3-05.a",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-1782.10a1Organizational.4-10.a",
    - "hipaa-1793.10a2Organizational.91011-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2067b904-9552-3259-0cdd-84468e284b7c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0114.04b1Organizational.1-04.b",
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0116.04b3Organizational.1-04.b",
    - "hipaa-18108.08j1Organizational.1-08.j",
    - "hipaa-18112.08j3Organizational.4-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f49925aa-9b11-76ae-10e2-6e973cc60f37",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0114.04b1Organizational.1-04.b",
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-1404.05i2Organizational.1-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a4493012-908c-5f48-a468-1e243be884ce",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0115.04b2Organizational.123-04.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "eb8a8df9-521f-3ccd-7e2c-3d1fcc812340",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0116.04b3Organizational.1-04.b",
    - "hipaa-0636.10k2Organizational.1-10.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e9c60c37-65b0-2d72-6c3c-af66036203ae",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-1603.12c1Organizational.9-12.c",
    - "hipaa-1607.12c2Organizational.4-12.c",
    - "hipaa-1668.12d1Organizational.67-12.d",
    - "hipaa-1672.12d2Organizational.3-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "29acfac0-4bb4-121b-8283-8943198b1549",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0115.04b2Organizational.123-04.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b28c8687-4bbd-8614-0b96-cdffa1ac6d9c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-1518.11c2Organizational.13-11.c",
    - "hipaa-1561.11d2Organizational.14-11.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b4e19d22-8c0e-7cad-3219-c84c62dc250f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0723.07a1Organizational.8-07.a",
    - "hipaa-18108.08j1Organizational.1-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "91cf132e-0c9f-37a8-a523-dc6a92cd2fb2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-1862.08d3Organizational.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "28aa060e-25c7-6121-05d8-a846f11433df",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0116.04b3Organizational.1-04.b",
    - "hipaa-0165.05a3Organizational.3-05.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0137.02a1Organizational.3-02.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "20012034-96f0-85c2-4a86-1ae1eb457802",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0121.05a2Organizational.12-05.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "adf517f3-6dcd-3546-9928-34777d0c277e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-0914.09s1Organizational.6-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6bededc0-2985-54d5-4158-eb8bad8070a0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0115.04b2Organizational.123-04.b",
    - "hipaa-0116.04b3Organizational.1-04.b",
    - "hipaa-0162.04b1Organizational.2-04.b",
    - "hipaa-0708.10b2System.2-10.b",
    - "hipaa-18112.08j3Organizational.4-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "39eb03c1-97cc-11ab-0960-6209ed2869f7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0118.05a1Organizational.2-05.a",
    - "hipaa-0119.05a1Organizational.3-05.a",
    - "hipaa-0120.05a1Organizational.4-05.a",
    - "hipaa-0123.05a2Organizational.4-05.a",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-1506.11a1Organizational.2-11.a",
    - "hipaa-1782.10a1Organizational.4-10.a",
    - "hipaa-1787.10a2Organizational.1-10.a",
    - "hipaa-1793.10a2Organizational.91011-10.a",
    - "hipaa-1901.06d1Organizational.1-06.d",
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6b957f60-54cd-5752-44d5-ff5a64366c93",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0119.05a1Organizational.3-05.a",
    - "hipaa-0816.01w1System.1-01.w",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-1781.10a1Organizational.23-10.a",
    - "hipaa-1782.10a1Organizational.4-10.a",
    - "hipaa-1790.10a2Organizational.45-10.a",
    - "hipaa-1793.10a2Organizational.91011-10.a",
    - "hipaa-19143.06c1Organizational.9-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "90a156a6-49ed-18d1-1052-69aac27c05cd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0120.05a1Organizational.4-05.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ab02bb73-4ce1-89dd-3905-d93042809ba0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0120.05a1Organizational.4-05.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "33d34fac-56a8-1c0f-0636-3ed94892a709",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0120.05a1Organizational.4-05.a",
    - "hipaa-0818.01w3System.12-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "70057208-70cc-7b31-3c3a-121af6bc1966",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0120.05a1Organizational.4-05.a",
    - "hipaa-0818.01w3System.12-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "06af77de-02ca-0f3e-838a-a9420fe466f5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0120.05a1Organizational.4-05.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "464a7d7a-2358-4869-0b49-6d582ca21292",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0120.05a1Organizational.4-05.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2d14ff7e-6ff9-838c-0cde-4962ccdb1689",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0120.05a1Organizational.4-05.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0121.05a2Organizational.12-05.a",
    - "hipaa-0125.05a3Organizational.2-05.a",
    - "hipaa-069.06g2Organizational.56-06.g",
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-1637.12b2Organizational.2-12.b",
    - "hipaa-17126.03c1System.6-03.c",
    - "hipaa-1733.03d1Organizational.1-03.d",
    - "hipaa-1736.03d2Organizational.4-03.d",
    - "hipaa-1737.03d2Organizational.5-03.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "677e1da4-00c3-287a-563d-f4a1cf9b99a0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0121.05a2Organizational.12-05.a",
    - "hipaa-0125.05a3Organizational.2-05.a",
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-069.06g2Organizational.56-06.g",
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-1637.12b2Organizational.2-12.b",
    - "hipaa-1704.03b1Organizational.12-03.b",
    - "hipaa-1705.03b2Organizational.12-03.b",
    - "hipaa-1733.03d1Organizational.1-03.d",
    - "hipaa-1737.03d2Organizational.5-03.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d7c1ecc3-2980-a079-1569-91aec8ac4a77",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0121.05a2Organizational.12-05.a",
    - "hipaa-0125.05a3Organizational.2-05.a",
    - "hipaa-069.06g2Organizational.56-06.g",
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-1637.12b2Organizational.2-12.b",
    - "hipaa-1705.03b2Organizational.12-03.b",
    - "hipaa-1735.03d2Organizational.23-03.d",
    - "hipaa-1737.03d2Organizational.5-03.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c6fe3856-4635-36b6-983c-070da12a953b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0121.05a2Organizational.12-05.a",
    - "hipaa-17126.03c1System.6-03.c",
    - "hipaa-1792.10a2Organizational.7814-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d36700f2-2f0d-7c2a-059c-bdadd1d79f70",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0121.05a2Organizational.12-05.a",
    - "hipaa-0179.05h1Organizational.4-05.h",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1314.02e2Organizational.5-02.e",
    - "hipaa-17126.03c1System.6-03.c",
    - "hipaa-1733.03d1Organizational.1-03.d",
    - "hipaa-1734.03d2Organizational.1-03.d",
    - "hipaa-1735.03d2Organizational.23-03.d",
    - "hipaa-1737.03d2Organizational.5-03.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5269d7e4-3768-501d-7e46-66c56c15622c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0123.05a2Organizational.4-05.a",
    - "hipaa-1506.11a1Organizational.2-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1c258345-5cd4-30c8-9ef3-5ee4dd5231d6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0125.05a3Organizational.2-05.a",
    - "hipaa-0177.05h1Organizational.12-05.h",
    - "hipaa-0601.06g1Organizational.124-06.g",
    - "hipaa-0604.06g2Organizational.2-06.g",
    - "hipaa-0614.06h2Organizational.12-06.h",
    - "hipaa-068.06g2Organizational.34-06.g",
    - "hipaa-0709.10m1Organizational.1-10.m",
    - "hipaa-0716.10m3Organizational.1-10.m",
    - "hipaa-0914.09s1Organizational.6-09.s",
    - "hipaa-1796.10a2Organizational.15-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c423e64d-995c-9f67-0403-b540f65ba42a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0125.05a3Organizational.2-05.a",
    - "hipaa-0177.05h1Organizational.12-05.h",
    - "hipaa-0178.05h1Organizational.3-05.h",
    - "hipaa-0180.05h2Organizational.1-05.h",
    - "hipaa-0601.06g1Organizational.124-06.g",
    - "hipaa-0614.06h2Organizational.12-06.h",
    - "hipaa-068.06g2Organizational.34-06.g",
    - "hipaa-0709.10m1Organizational.1-10.m",
    - "hipaa-0716.10m3Organizational.1-10.m",
    - "hipaa-0914.09s1Organizational.6-09.s",
    - "hipaa-1796.10a2Organizational.15-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b65c5d8e-9043-9612-2c17-65f231d763bb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0125.05a3Organizational.2-05.a",
    - "hipaa-0177.05h1Organizational.12-05.h",
    - "hipaa-0604.06g2Organizational.2-06.g",
    - "hipaa-0662.09sCSPOrganizational.2-09.s",
    - "hipaa-068.06g2Organizational.34-06.g",
    - "hipaa-0914.09s1Organizational.6-09.s",
    - "hipaa-1796.10a2Organizational.15-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3054c74b-9b45-2581-56cf-053a1a716c39",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0125.05a3Organizational.2-05.a",
    - "hipaa-0177.05h1Organizational.12-05.h",
    - "hipaa-1796.10a2Organizational.15-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8c5d3d8d-5cba-0def-257c-5ab9ea9644dc",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0125.05a3Organizational.2-05.a",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-069.06g2Organizational.56-06.g",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1314.02e2Organizational.5-02.e",
    - "hipaa-1635.12b1Organizational.2-12.b",
    - "hipaa-1637.12b2Organizational.2-12.b",
    - "hipaa-1638.12b2Organizational.345-12.b",
    - "hipaa-1704.03b1Organizational.12-03.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f78fc35e-1268-0bca-a798-afcba9d2330a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0177.05h1Organizational.12-05.h",
    - "hipaa-0614.06h2Organizational.12-06.h",
    - "hipaa-0662.09sCSPOrganizational.2-09.s",
    - "hipaa-0709.10m1Organizational.1-10.m",
    - "hipaa-0712.10m2Organizational.4-10.m",
    - "hipaa-12102.09ab1Organizational.4-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "70a7a065-a060-85f8-7863-eb7850ed2af9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0178.05h1Organizational.3-05.h",
    - "hipaa-0601.06g1Organizational.124-06.g",
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-0614.06h2Organizational.12-06.h",
    - "hipaa-068.06g2Organizational.34-06.g",
    - "hipaa-0709.10m1Organizational.1-10.m",
    - "hipaa-0716.10m3Organizational.1-10.m",
    - "hipaa-0914.09s1Organizational.6-09.s",
    - "hipaa-1796.10a2Organizational.15-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8e49107c-3338-40d1-02aa-d524178a2afe",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0178.05h1Organizational.3-05.h",
    - "hipaa-0601.06g1Organizational.124-06.g",
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-0614.06h2Organizational.12-06.h",
    - "hipaa-068.06g2Organizational.34-06.g",
    - "hipaa-0709.10m1Organizational.1-10.m",
    - "hipaa-0716.10m3Organizational.1-10.m",
    - "hipaa-0914.09s1Organizational.6-09.s",
    - "hipaa-1796.10a2Organizational.15-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "477bd136-7dd9-55f8-48ac-bae096b86a07",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0179.05h1Organizational.4-05.h",
    - "hipaa-0601.06g1Organizational.124-06.g",
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-12102.09ab1Organizational.4-09.ab",
    - "hipaa-1707.03c1Organizational.12-03.c",
    - "hipaa-1708.03c2Organizational.12-03.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d93fe1be-13e4-421d-9c21-3158e2fa2667",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d93fe1be-13e4-421d-9c21-3158e2fa2667 Implement plans of action and milestones for security program process ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0179.05h1Organizational.4-05.h"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0204.09j2Organizational.1-09.j",
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-0206.09j2Organizational.34-09.j",
    - "hipaa-0207.09j2Organizational.56-09.j",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-0215.09j2Organizational.8-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0219.09j2Organizational.12-09.j",
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0226.09k1Organizational.2-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0603.06g2Organizational.1-06.g",
    - "hipaa-0613.06h1Organizational.12-06.h"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "be38a620-000b-21cf-3cb3-ea151b704c3b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0603.06g2Organizational.1-06.g",
    - "hipaa-0613.06h1Organizational.12-06.h",
    - "hipaa-0614.06h2Organizational.12-06.h",
    - "hipaa-0615.06h2Organizational.3-06.h",
    - "hipaa-0628.10h1System.6-10.h",
    - "hipaa-0635.10k1Organizational.12-10.k",
    - "hipaa-0639.10k2Organizational.78-10.k",
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0671.10k1System.1-10.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ff136354-1c92-76dc-2dab-80fb7c6a9f1a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0711.10m2Organizational.23-10.m",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0717.10m3Organizational.2-10.m",
    - "hipaa-0718.10m3Organizational.34-10.m",
    - "hipaa-0719.10m3Organizational.5-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "50e81644-923d-33fc-6ebb-9733bc8d1a06",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0204.09j2Organizational.1-09.j",
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-0206.09j2Organizational.34-09.j",
    - "hipaa-0207.09j2Organizational.56-09.j",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-0215.09j2Organizational.8-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0219.09j2Organizational.12-09.j",
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0226.09k1Organizational.2-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0635.10k1Organizational.12-10.k",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0711.10m2Organizational.23-10.m",
    - "hipaa-0714.10m2Organizational.7-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bf883b14-9c19-0f37-8825-5e39a8b66d5b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0711.10m2Organizational.23-10.m",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0717.10m3Organizational.2-10.m",
    - "hipaa-0718.10m3Organizational.34-10.m",
    - "hipaa-0719.10m3Organizational.5-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3d399cf3-8fc6-0efc-6ab0-1412f1198517",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0204.09j2Organizational.1-09.j",
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-0206.09j2Organizational.34-09.j",
    - "hipaa-0207.09j2Organizational.56-09.j",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-0215.09j2Organizational.8-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0219.09j2Organizational.12-09.j",
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0226.09k1Organizational.2-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0302.09o2Organizational.1-09.o",
    - "hipaa-0303.09o2Organizational.2-09.o",
    - "hipaa-0304.09o3Organizational.1-09.o"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "63f63e71-6c3f-9add-4c43-64de23e554a7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0204.09j2Organizational.1-09.j",
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-0206.09j2Organizational.34-09.j",
    - "hipaa-0207.09j2Organizational.56-09.j",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-0215.09j2Organizational.8-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0219.09j2Organizational.12-09.j",
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0226.09k1Organizational.2-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0635.10k1Organizational.12-10.k",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0724.07a3Organizational.4-07.a",
    - "hipaa-0809.01n2Organizational.1234-01.n"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4a6f5cbd-6c6b-006f-2bb1-091af1441bce",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0204.09j2Organizational.1-09.j",
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-0206.09j2Organizational.34-09.j",
    - "hipaa-0207.09j2Organizational.56-09.j",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-0215.09j2Organizational.8-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0219.09j2Organizational.12-09.j",
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0226.09k1Organizational.2-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0635.10k1Organizational.12-10.k",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0724.07a3Organizational.4-07.a",
    - "hipaa-0901.09s1Organizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "fad161f5-5261-401a-22dd-e037bae011bd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [15 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0204.09j2Organizational.1-09.j",
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-0207.09j2Organizational.56-09.j",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-0215.09j2Organizational.8-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0219.09j2Organizational.12-09.j",
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0635.10k1Organizational.12-10.k",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0724.07a3Organizational.4-07.a",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1308.09j1Organizational.5-09.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0204.09j2Organizational.1-09.j",
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-0206.09j2Organizational.34-09.j",
    - "hipaa-0207.09j2Organizational.56-09.j",
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-0215.09j2Organizational.8-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0219.09j2Organizational.12-09.j",
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0226.09k1Organizational.2-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0635.10k1Organizational.12-10.k",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0724.07a3Organizational.4-07.a",
    - "hipaa-0901.09s1Organizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8f835d6a-4d13-9a9c-37dc-176cebd37fda",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0504.09m2Organizational.5-09.m",
    - "hipaa-0505.09m2Organizational.3-09.m",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0825.09m3Organizational.23-09.m",
    - "hipaa-0858.09m1Organizational.4-09.m",
    - "hipaa-0861.09m2Organizational.67-09.m",
    - "hipaa-12100.09ab2System.15-09.ab",
    - "hipaa-1217.09ab3System.3-09.ab",
    - "hipaa-1411.09f1System.1-09.f",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1812.08b3Organizational.46-08.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "86ecd378-a3a0-5d5b-207c-05e6aaca43fc",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0201.09j1Organizational.124-09.j",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0825.09m3Organizational.23-09.m",
    - "hipaa-0870.09m3Organizational.20-09.m",
    - "hipaa-1411.09f1System.1-09.f"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0201.09j1Organizational.124-09.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "microsoftAntimalwareForAzureShouldBeConfiguredToAutomaticallyUpdateProtectionSignatures",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0201.09j1Organizational.124-09.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "333b4ada-4a02-0648-3d4d-d812974f1bb2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-1207.09aa2System.4-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "10874318-0bf7-a41f-8463-03e395482080",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/10874318-0bf7-a41f-8463-03e395482080 Correlate audit records ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1222.09ab3System.8-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b3c8cc83-20d3-3890-8bc8-5568777670f4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f741c4e6-41eb-15a4-25a2-61ac7ca232f0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1222.09ab3System.8-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a830fe9e-08c9-a4fb-420c-6f6bf1702395",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1166.01e1System.12-01.e",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c",
    - "hipaa-1808.08b2Organizational.7-08.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f27a298f-9443-014a-0d40-fef12adf0259",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6625638f-3ba1-7404-5983-0ea33d719d34",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [15 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1210.09aa3System.3-09.aa",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8aec4343-9153-9641-172c-defb201f56b3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f48b60c6-4b37-332f-7288-b6ea50d300eb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "70fe686f-1f91-7dab-11bf-bca4201e183b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-0216.09j2Organizational.9-09.j",
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-12103.09ab1Organizational.5-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "85335602-93f5-7730-830b-d43426fd51fa",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3eecf628-a1c8-1b48-1b5c-7ca781e97970",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-12101.09ab1Organizational.3-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "de251b09-4a5e-1204-4bef-62ac58d47999",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0202.09j1Organizational.3-09.j",
    - "hipaa-12101.09ab1Organizational.3-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ece8bb17-4080-5127-915f-dc7267ee8549",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0204.09j2Organizational.1-09.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f30edfad-4e1d-1eef-27ee-9292d6d89842",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0204.09j2Organizational.1-09.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "18e9d748-73d4-0c96-55ab-b108bfbd5bc3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0204.09j2Organizational.1-09.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0204.09j2Organizational.1-09.j",
    - "hipaa-1785.10a1Organizational.8-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9622aaa9-5c49-40e2-5bf8-660b7cd23deb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1217.09ab3System.3-09.ab",
    - "hipaa-1218.09ab3System.47-09.ab",
    - "hipaa-1222.09ab3System.8-09.ab",
    - "hipaa-1512.11a2Organizational.8-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2b4e134f-1e4c-2bff-573e-082d85479b6e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1217.09ab3System.3-09.ab",
    - "hipaa-1218.09ab3System.47-09.ab",
    - "hipaa-1222.09ab3System.8-09.ab",
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1506.11a1Organizational.2-11.a",
    - "hipaa-1508.11a2Organizational.1-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "af38215f-70c4-0cd6-40c2-c52d86690a45",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0205.09j2Organizational.2-09.j",
    - "hipaa-0724.07a3Organizational.4-07.a",
    - "hipaa-1119.01j2Organizational.3-01.j",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1217.09ab3System.3-09.ab",
    - "hipaa-1218.09ab3System.47-09.ab",
    - "hipaa-1222.09ab3System.8-09.ab",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1512.11a2Organizational.8-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "dad8a2e9-6f27-4fc2-8933-7e99fe700c9c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0208.09j2Organizational.7-09.j",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0912.09s1Organizational.4-09.s",
    - "hipaa-1118.01j2Organizational.124-01.j",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1179.01j3Organizational.1-01.j",
    - "hipaa-1785.10a1Organizational.8-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8a703eb5-4e53-701b-67e4-05ba2f7930c8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0208.09j2Organizational.7-09.j",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-1785.10a1Organizational.8-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b8972f60-8d77-1cb8-686f-9c9f4cdd8a59",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0208.09j2Organizational.7-09.j",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-1785.10a1Organizational.8-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "311802f9-098d-0659-245a-94c5d47c0182",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0208.09j2Organizational.7-09.j",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-0944.09y1Organizational.2-09.y",
    - "hipaa-1423.05j2Organizational.4-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a44c9fba-43f8-4b7b-7ee6-db52c96b4366",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0209.09m3Organizational.7-09.m",
    - "hipaa-0306.09q1Organizational.3-09.q"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e54901fe-42c2-7f3b-3c5f-327aa5320a69",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0209.09m3Organizational.7-09.m",
    - "hipaa-0306.09q1Organizational.3-09.q"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "db28735f-518f-870e-15b4-49623cbe3aa0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [14 items
    - "hipaa-0209.09m3Organizational.7-09.m",
    - "hipaa-0603.06g2Organizational.1-06.g",
    - "hipaa-0626.10h1System.3-10.h",
    - "hipaa-0627.10h1System.45-10.h",
    - "hipaa-0628.10h1System.6-10.h",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0708.10b2System.2-10.b",
    - "hipaa-0733.10b2System.4-10.b",
    - "hipaa-0791.10b2Organizational.4-10.b",
    - "hipaa-0871.09m3Organizational.22-09.m",
    - "hipaa-1206.09aa2System.23-09.aa",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1220.09ab3System.56-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0209.09m3Organizational.7-09.m",
    - "hipaa-0626.10h1System.3-10.h",
    - "hipaa-0628.10h1System.6-10.h",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0869.09m3Organizational.19-09.m",
    - "hipaa-1206.09aa2System.23-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8019d788-713d-90a1-5570-dac5052f517d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0209.09m3Organizational.7-09.m",
    - "hipaa-1713.03c1Organizational.3-03.c",
    - "hipaa-1902.06d1Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8b1da407-5e60-5037-612e-2caa1b590719",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0209.09m3Organizational.7-09.m",
    - "hipaa-1713.03c1Organizational.3-03.c",
    - "hipaa-1902.06d1Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "03b6427e-6072-4226-4bd9-a410ab65317e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-11180.01c3System.6-01.c",
    - "hipaa-11219.01b1Organizational.10-01.b",
    - "hipaa-1123.01q1System.2-01.q",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1144.01c1System.4-01.c",
    - "hipaa-1146.01c2System.23-01.c",
    - "hipaa-1147.01c2System.456-01.c",
    - "hipaa-1148.01c2System.78-01.c",
    - "hipaa-1152.01c3System.2-01.c",
    - "hipaa-1168.01e2System.2-01.e",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1271.09ad1System.1-09.ad",
    - "hipaa-1271.09ad2System.1",
    - "hipaa-1276.09c2Organizational.2-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1bc7fd64-291f-028e-4ed6-6e07886e163f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-11180.01c3System.6-01.c",
    - "hipaa-11219.01b1Organizational.10-01.b",
    - "hipaa-1123.01q1System.2-01.q",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1144.01c1System.4-01.c",
    - "hipaa-1146.01c2System.23-01.c",
    - "hipaa-1147.01c2System.456-01.c",
    - "hipaa-1148.01c2System.78-01.c",
    - "hipaa-1152.01c3System.2-01.c",
    - "hipaa-1168.01e2System.2-01.e",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1271.09ad1System.1-09.ad",
    - "hipaa-1271.09ad2System.1",
    - "hipaa-1276.09c2Organizational.2-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2af551d5-1775-326a-0589-590bfb7e9eb2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0214.09j1Organizational.6-09.j",
    - "hipaa-0605.10h1System.12-10.h",
    - "hipaa-1134.01v3System.1-01.v"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f26af0b1-65b6-689a-a03f-352ad2d00f98",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1145.01c2System.1-01.c",
    - "hipaa-1151.01c3System.1-01.c",
    - "hipaa-1152.01c3System.2-01.c",
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1210.09aa3System.3-09.aa",
    - "hipaa-1214.09ab2System.3456-09.ab",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "49c23d9b-02b0-0e42-4f94-e8cef1b8381b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1166.01e1System.12-01.e",
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1210.09aa3System.3-09.aa",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1808.08b2Organizational.7-08.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2f67e567-03db-9d1f-67dc-b6ffb91312f4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m",
    - "hipaa-1202.09aa1System.1-09.aa",
    - "hipaa-1203.09aa1System.2-09.aa",
    - "hipaa-1204.09aa1System.3-09.aa",
    - "hipaa-1205.09aa2System.1-09.aa",
    - "hipaa-1206.09aa2System.23-09.aa",
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1209.09aa3System.2-09.aa",
    - "hipaa-1210.09aa3System.3-09.aa",
    - "hipaa-1214.09ab2System.3456-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1230.09c2Organizational.1-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a30bd8e9-7064-312a-0e1f-e1b485d59f6e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0217.09j2Organizational.10-09.j",
    - "hipaa-0714.10m2Organizational.7-10.m",
    - "hipaa-0790.10m3Organizational.22-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1afada58-8b34-7ac2-a38a-983218635201",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0226.09k1Organizational.2-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0401.01x1System.124579-01.x"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "291f20d4-8d93-1d73-89f3-6ce28b825563",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0225.09k1Organizational.1-09.k",
    - "hipaa-0226.09k1Organizational.2-09.k",
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0401.01x1System.124579-01.x"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "aeed863a-0f56-429f-945d-8bb66bd06841",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0894.01m2Organizational.7-01.m",
    - "hipaa-11180.01c3System.6-01.c",
    - "hipaa-1123.01q1System.2-01.q",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1144.01c1System.4-01.c",
    - "hipaa-1146.01c2System.23-01.c",
    - "hipaa-1147.01c2System.456-01.c",
    - "hipaa-1148.01c2System.78-01.c",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-19141.06c1Organizational.7-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "50e9324a-7410-0539-0662-2c1e775538b7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0894.01m2Organizational.7-01.m",
    - "hipaa-11180.01c3System.6-01.c",
    - "hipaa-1123.01q1System.2-01.q",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1144.01c1System.4-01.c",
    - "hipaa-1146.01c2System.23-01.c",
    - "hipaa-1147.01c2System.456-01.c",
    - "hipaa-1148.01c2System.78-01.c",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-19141.06c1Organizational.7-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "10c4210b-3ec9-9603-050d-77e4d26c7ebb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0894.01m2Organizational.7-01.m",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-19141.06c1Organizational.7-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "de770ba6-50dd-a316-2932-e0d972eaa734",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-0894.01m2Organizational.7-01.m",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1145.01c2System.1-01.c",
    - "hipaa-1153.01c3System.35-01.c",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1271.09ad1System.1-09.ad",
    - "hipaa-1271.09ad2System.1",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-19141.06c1Organizational.7-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "eb1c944e-0e94-647b-9b7e-fdb8d2af0838",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0894.01m2Organizational.7-01.m",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-19141.06c1Organizational.7-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0401.01x1System.124579-01.x",
    - "hipaa-0403.01x1System.8-01.x",
    - "hipaa-0405.01y1Organizational.12345678-01.y",
    - "hipaa-0407.01y2Organizational.1-01.y",
    - "hipaa-0409.01y3Organizational.3-01.y",
    - "hipaa-0410.01x1System.12-01.xMobileComputingandCommunications",
    - "hipaa-0415.01y1Organizational.10-01.y",
    - "hipaa-0416.01y3Organizational.4-01.y",
    - "hipaa-0417.01y3Organizational.5-01.y",
    - "hipaa-0425.01x1System.13-01.x",
    - "hipaa-0426.01x2System.1-01.x",
    - "hipaa-0427.01x2System.2-01.x",
    - "hipaa-0428.01x2System.3-01.x",
    - "hipaa-0429.01x1System.14-01.x"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b11697e8-9515-16f1-7a35-477d5c8a1344",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0227.09k2Organizational.12-09.k",
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0401.01x1System.124579-01.x",
    - "hipaa-0403.01x1System.8-01.x",
    - "hipaa-0410.01x1System.12-01.xMobileComputingandCommunications",
    - "hipaa-0416.01y3Organizational.4-01.y",
    - "hipaa-0426.01x2System.1-01.x",
    - "hipaa-0427.01x2System.2-01.x",
    - "hipaa-0428.01x2System.3-01.x",
    - "hipaa-0429.01x1System.14-01.x",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-08101.09m2Organizational.14-09.m",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0862.09m2Organizational.8-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-0902.09s2Organizational.13-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bd4dc286-2f30-5b95-777c-681f3a7913d3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-0605.10h1System.12-10.h",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1211.09aa3System.4-09.aa",
    - "hipaa-1734.03d2Organizational.1-03.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8747b573-8294-86a0-8914-49e9b06a5ace",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1211.09aa3System.4-09.aa",
    - "hipaa-1734.03d2Organizational.1-03.d",
    - "hipaa-1735.03d2Organizational.23-03.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1282809c-9001-176b-4a81-260a085f4872",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1211.09aa3System.4-09.aa",
    - "hipaa-1734.03d2Organizational.1-03.d",
    - "hipaa-1735.03d2Organizational.23-03.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "92b49e92-570f-1765-804a-378e6c592e28",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0671.10k1System.1-10.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "203101f5-99a3-1491-1b56-acccd9b66a9e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1734.03d2Organizational.1-03.d",
    - "hipaa-1735.03d2Organizational.23-03.d",
    - "hipaa-1788.10a2Organizational.2-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d18af1ac-0086-4762-6dc8-87cdded90e39",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1734.03d2Organizational.1-03.d",
    - "hipaa-1735.03d2Organizational.23-03.d",
    - "hipaa-1787.10a2Organizational.1-10.a",
    - "hipaa-1788.10a2Organizational.2-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "058e9719-1ff9-3653-4230-23f76b6492e0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0603.06g2Organizational.1-06.g",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0627.10h1System.45-10.h",
    - "hipaa-0639.10k2Organizational.78-10.k",
    - "hipaa-0642.10k3Organizational.12-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0710.10m2Organizational.1-10.m",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1791.10a2Organizational.6-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5c33538e-02f8-0a7f-998b-a4c1e22076d3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0603.06g2Organizational.1-06.g",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-0710.10m2Organizational.1-10.m",
    - "hipaa-1791.10a2Organizational.6-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0123edae-3567-a05a-9b05-b53ebe9d3e7e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0228.09k2Organizational.3-09.k",
    - "hipaa-0603.06g2Organizational.1-06.g",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0626.10h1System.3-10.h",
    - "hipaa-0627.10h1System.45-10.h",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0708.10b2System.2-10.b",
    - "hipaa-0710.10m2Organizational.1-10.m",
    - "hipaa-1206.09aa2System.23-09.aa",
    - "hipaa-1220.09ab3System.56-09.ab",
    - "hipaa-1791.10a2Organizational.6-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "04b3e7f6-4841-888d-4799-cda19a0084f6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0504.09m2Organizational.5-09.m",
    - "hipaa-0858.09m1Organizational.4-09.m",
    - "hipaa-0861.09m2Organizational.67-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d42a8f69-a193-6cbc-48b9-04a9e29961f1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0504.09m2Organizational.5-09.m",
    - "hipaa-0858.09m1Organizational.4-09.m",
    - "hipaa-0861.09m2Organizational.67-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b6ad009f-5c24-1dc0-a25e-74b60e4da45f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0305.09q1Organizational.12-09.q",
    - "hipaa-0408.01y3Organizational.12-01.y",
    - "hipaa-0415.01y1Organizational.10-01.y",
    - "hipaa-0416.01y3Organizational.4-01.y",
    - "hipaa-1803.08b1Organizational.5-08.b",
    - "hipaa-18110.08j1Organizational.5-08.j",
    - "hipaa-1819.08j1Organizational.23-08.j",
    - "hipaa-1820.08j2Organizational.1-08.j",
    - "hipaa-1821.08j2Organizational.3-08.j",
    - "hipaa-1822.08j2Organizational.2-08.j",
    - "hipaa-1823.08j3Organizational.12-08.j",
    - "hipaa-1824.08j3Organizational.3-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1fb1cb0e-1936-6f32-42fd-89970b535855",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0305.09q1Organizational.12-09.q",
    - "hipaa-0408.01y3Organizational.12-01.y",
    - "hipaa-0415.01y1Organizational.10-01.y",
    - "hipaa-0416.01y3Organizational.4-01.y",
    - "hipaa-18110.08j1Organizational.5-08.j",
    - "hipaa-18112.08j3Organizational.4-08.j",
    - "hipaa-1819.08j1Organizational.23-08.j",
    - "hipaa-1820.08j2Organizational.1-08.j",
    - "hipaa-1821.08j2Organizational.3-08.j",
    - "hipaa-1822.08j2Organizational.2-08.j",
    - "hipaa-1823.08j3Organizational.12-08.j",
    - "hipaa-1824.08j3Organizational.3-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e435f7e3-0dd9-58c9-451f-9b44b96c0232",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0302.09o2Organizational.1-09.o",
    - "hipaa-0303.09o2Organizational.2-09.o",
    - "hipaa-0304.09o3Organizational.1-09.o",
    - "hipaa-0305.09q1Organizational.12-09.q",
    - "hipaa-0306.09q1Organizational.3-09.q",
    - "hipaa-0308.09q3Organizational.1-09.q",
    - "hipaa-0314.09q3Organizational.2-09.q",
    - "hipaa-0403.01x1System.8-01.x",
    - "hipaa-0408.01y3Organizational.12-01.y",
    - "hipaa-0415.01y1Organizational.10-01.y",
    - "hipaa-0426.01x2System.1-01.x",
    - "hipaa-0429.01x1System.14-01.x",
    - "hipaa-0505.09m2Organizational.3-09.m",
    - "hipaa-08101.09m2Organizational.14-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "eaaae23f-92c9-4460-51cf-913feaea4d52",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0302.09o2Organizational.1-09.o",
    - "hipaa-0303.09o2Organizational.2-09.o",
    - "hipaa-0304.09o3Organizational.1-09.o",
    - "hipaa-0305.09q1Organizational.12-09.q",
    - "hipaa-0308.09q3Organizational.1-09.q",
    - "hipaa-0403.01x1System.8-01.x",
    - "hipaa-0408.01y3Organizational.12-01.y",
    - "hipaa-0415.01y1Organizational.10-01.y",
    - "hipaa-0426.01x2System.1-01.x",
    - "hipaa-0505.09m2Organizational.3-09.m",
    - "hipaa-08101.09m2Organizational.14-09.m",
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-18109.08j1Organizational.4-08.j",
    - "hipaa-18127.08l1Organizational.3-08.l",
    - "hipaa-18130.09p1Organizational.24-09.p"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4ac81669-00e2-9790-8648-71bc11bc91eb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0302.09o2Organizational.1-09.o",
    - "hipaa-0303.09o2Organizational.2-09.o",
    - "hipaa-0305.09q1Organizational.12-09.q",
    - "hipaa-0308.09q3Organizational.1-09.q",
    - "hipaa-0314.09q3Organizational.2-09.q",
    - "hipaa-0403.01x1System.8-01.x",
    - "hipaa-0426.01x2System.1-01.x",
    - "hipaa-0505.09m2Organizational.3-09.m",
    - "hipaa-08101.09m2Organizational.14-09.m",
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-1816.08d2Organizational.4-08.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "36b74844-4a99-4c80-1800-b18a516d1585",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0302.09o2Organizational.1-09.o",
    - "hipaa-0303.09o2Organizational.2-09.o",
    - "hipaa-0304.09o3Organizational.1-09.o",
    - "hipaa-0305.09q1Organizational.12-09.q",
    - "hipaa-0429.01x1System.14-01.x",
    - "hipaa-0915.09s2Organizational.2-09.s",
    - "hipaa-0916.09s2Organizational.4-09.s",
    - "hipaa-1022.01d1System.15-01.d",
    - "hipaa-1423.05j2Organizational.4-05.j",
    - "hipaa-19142.06c1Organizational.8-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6122970b-8d4a-7811-0278-4c6c68f61e4f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0301.09o1Organizational.123-09.o",
    - "hipaa-0302.09o2Organizational.1-09.o",
    - "hipaa-0303.09o2Organizational.2-09.o",
    - "hipaa-0304.09o3Organizational.1-09.o",
    - "hipaa-0305.09q1Organizational.12-09.q",
    - "hipaa-0429.01x1System.14-01.x",
    - "hipaa-0916.09s2Organizational.4-09.s",
    - "hipaa-1022.01d1System.15-01.d",
    - "hipaa-19142.06c1Organizational.8-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AuditSQLTransparentDataEncryptionStatus",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0301.09o1Organizational.123-09.o"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "RequireencryptiononDataLakeStoreaccounts",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a Require encryption on Data Lake Store accounts ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0304.09o3Organizational.1-09.o"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyWithDenyMonitoringEffect')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0304.09o3Organizational.1-09.o"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('ensureServerTDEIsEncryptedWithYourOwnKeyWithDenyMonitoringEffect')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0304.09o3Organizational.1-09.o"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e4b00788-7e1c-33ec-0418-d048508e095b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0306.09q1Organizational.3-09.q",
    - "hipaa-1003.01d1System.3-01.d",
    - "hipaa-1006.01d2System.1-01.d",
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1903.06d1Organizational.3456711-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "37dbe3dc-0e9c-24fa-36f2-11197cbfa207",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0306.09q1Organizational.3-09.q"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "eda0cbb7-6043-05bf-645b-67411f1a59b3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0306.09q1Organizational.3-09.q",
    - "hipaa-1006.01d2System.1-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "59bedbdc-0ba9-39b9-66bb-1d1c192384e6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0307.09q2Organizational.12-09.q",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-0822.09m2Organizational.4-09.m",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0928.09v1Organizational.45-09.v",
    - "hipaa-0929.09v1Organizational.6-09.v",
    - "hipaa-0944.09y1Organizational.2-09.y",
    - "hipaa-1131.01v2System.2-01.v",
    - "hipaa-1150.01c2System.10-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "79365f13-8ba4-1f6c-2ac4-aa39929f56d0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0307.09q2Organizational.12-09.q",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0822.09m2Organizational.4-09.m",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0944.09y1Organizational.2-09.y",
    - "hipaa-1131.01v2System.2-01.v",
    - "hipaa-1150.01c2System.10-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0314.09q3Organizational.2-09.q",
    - "hipaa-0904.10f2Organizational.1-10.f",
    - "hipaa-1192.01l1Organizational.1-01.l",
    - "hipaa-1193.01l2Organizational.13-01.l",
    - "hipaa-1808.08b2Organizational.7-08.b",
    - "hipaa-1811.08b3Organizational.3-08.b",
    - "hipaa-1845.08b1Organizational.7-08.b",
    - "hipaa-1847.08b2Organizational.910-08.b",
    - "hipaa-1848.08b2Organizational.11-08.b",
    - "hipaa-1892.01l1Organizational.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c4ccd607-702b-8ae6-8eeb-fc3339cd4b42",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0314.09q3Organizational.2-09.q",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0903.10f1Organizational.1-10.f",
    - "hipaa-0904.10f2Organizational.1-10.f",
    - "hipaa-0913.09s1Organizational.5-09.s",
    - "hipaa-0928.09v1Organizational.45-09.v",
    - "hipaa-0945.09y1Organizational.3-09.y",
    - "hipaa-099.09m2Organizational.11-09.m",
    - "hipaa-1005.01d1System.1011-01.d",
    - "hipaa-1007.01d2System.2-01.d",
    - "hipaa-1903.06d1Organizational.3456711-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d661e9eb-4e15-5ba1-6f02-cdc467db0d6c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0314.09q3Organizational.2-09.q",
    - "hipaa-0904.10f2Organizational.1-10.f"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7a0ecd94-3699-5273-76a5-edb8499f655a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0314.09q3Organizational.2-09.q",
    - "hipaa-0904.10f2Organizational.1-10.f"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "97d91b33-7050-237b-3e23-a77d57d84e13",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0314.09q3Organizational.2-09.q",
    - "hipaa-0904.10f2Organizational.1-10.f",
    - "hipaa-0948.09y2Organizational.3-09.y"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9c276cf3-596f-581a-7fbd-f5e46edaa0f4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0314.09q3Organizational.2-09.q",
    - "hipaa-0904.10f2Organizational.1-10.f"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8d140e8b-76c7-77de-1d46-ed1b2e112444",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0314.09q3Organizational.2-09.q",
    - "hipaa-0904.10f2Organizational.1-10.f"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "01ae60e2-38bb-0a32-7b20-d3a091423409",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0401.01x1System.124579-01.x",
    - "hipaa-0663.10h1System.7-10.h",
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0808.10b2System.3-10.b",
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-08101.09m2Organizational.14-09.m",
    - "hipaa-08102.09nCSPOrganizational.1-09.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0815.01o2Organizational.123-01.o",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-0822.09m2Organizational.4-09.m",
    - "hipaa-0825.09m3Organizational.23-09.m",
    - "hipaa-0826.09m3Organizational.45-09.m",
    - "hipaa-0829.09m3Organizational.911-09.m",
    - "hipaa-0830.09m3Organizational.1012-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "678ca228-042d-6d8e-a598-c58d5670437d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0401.01x1System.124579-01.x",
    - "hipaa-0916.09s2Organizational.4-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "41172402-8d73-64c7-0921-909083c086b0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0403.01x1System.8-01.x",
    - "hipaa-0426.01x2System.1-01.x",
    - "hipaa-0427.01x2System.2-01.x",
    - "hipaa-0428.01x2System.3-01.x",
    - "hipaa-0429.01x1System.14-01.x",
    - "hipaa-0627.10h1System.45-10.h"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1fdf0b24-4043-3c55-357e-036985d50b52",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0403.01x1System.8-01.x",
    - "hipaa-0426.01x2System.1-01.x",
    - "hipaa-0427.01x2System.2-01.x",
    - "hipaa-0428.01x2System.3-01.x",
    - "hipaa-0429.01x1System.14-01.x",
    - "hipaa-0627.10h1System.45-10.h"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0407.01y2Organizational.1-01.y",
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0912.09s1Organizational.4-09.s",
    - "hipaa-1118.01j2Organizational.124-01.j",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1179.01j3Organizational.1-01.j",
    - "hipaa-1816.08d2Organizational.4-08.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "05ec66a2-137c-14b8-8e75-3d7a2bef07f8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0408.01y3Organizational.12-01.y",
    - "hipaa-11190.01t1Organizational.3-01.t",
    - "hipaa-1192.01l1Organizational.1-01.l",
    - "hipaa-1193.01l2Organizational.13-01.l",
    - "hipaa-1801.08b1Organizational.124-08.b",
    - "hipaa-1804.08b2Organizational.12-08.b",
    - "hipaa-1808.08b2Organizational.7-08.b",
    - "hipaa-1811.08b3Organizational.3-08.b",
    - "hipaa-1813.08b3Organizational.56-08.b",
    - "hipaa-1814.08d1Organizational.12-08.d",
    - "hipaa-18146.08b3Organizational.8-08.b",
    - "hipaa-1815.08d2Organizational.123-08.d",
    - "hipaa-1817.08d3Organizational.12-08.d",
    - "hipaa-1818.08d3Organizational.3-08.d",
    - "hipaa-1845.08b1Organizational.7-08.b",
    - "hipaa-1846.08b2Organizational.8-08.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ae5345d5-8dab-086a-7290-db43a3272198",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0504.09m2Organizational.5-09.m",
    - "hipaa-0858.09m1Organizational.4-09.m",
    - "hipaa-0861.09m2Organizational.67-09.m",
    - "hipaa-0916.09s2Organizational.4-09.s",
    - "hipaa-0927.09v1Organizational.3-09.v",
    - "hipaa-1022.01d1System.15-01.d",
    - "hipaa-11190.01t1Organizational.3-01.t",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1175.01j1Organizational.8-01.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7d7a8356-5c34-9a95-3118-1424cfaf192a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0505.09m2Organizational.3-09.m",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-0830.09m3Organizational.1012-09.m",
    - "hipaa-0916.09s2Organizational.4-09.s",
    - "hipaa-0927.09v1Organizational.3-09.v",
    - "hipaa-1022.01d1System.15-01.d",
    - "hipaa-11109.01q1Organizational.57-01.q",
    - "hipaa-11112.01q2Organizational.67-01.q",
    - "hipaa-11190.01t1Organizational.3-01.t",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1122.01q1System.1-01.q",
    - "hipaa-1125.01q2System.1-01.q",
    - "hipaa-1175.01j1Organizational.8-01.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "aa0ddd99-43eb-302d-3f8f-42b499182960",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0505.09m2Organizational.3-09.m",
    - "hipaa-1331.02e3Organizational.4-02.e",
    - "hipaa-1812.08b3Organizational.46-08.b",
    - "hipaa-1813.08b3Organizational.56-08.b",
    - "hipaa-18145.08b3Organizational.7-08.b",
    - "hipaa-18146.08b3Organizational.8-08.b",
    - "hipaa-1816.08d2Organizational.4-08.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f2222056-062d-1060-6dc2-0107a68c34b2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0505.09m2Organizational.3-09.m",
    - "hipaa-1331.02e3Organizational.4-02.e",
    - "hipaa-1812.08b3Organizational.46-08.b",
    - "hipaa-1813.08b3Organizational.56-08.b",
    - "hipaa-18145.08b3Organizational.7-08.b",
    - "hipaa-18146.08b3Organizational.8-08.b",
    - "hipaa-1816.08d2Organizational.4-08.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "25a1f840-65d0-900a-43e4-bee253de04de",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0505.09m2Organizational.3-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cc057769-01d9-95ad-a36f-1e62a7f9540b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0601.06g1Organizational.124-06.g",
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-12102.09ab1Organizational.4-09.ab",
    - "hipaa-1708.03c2Organizational.12-03.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "04837a26-2601-1982-3da7-bf463e6408f4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-0636.10k2Organizational.1-10.k",
    - "hipaa-0637.10k2Organizational.2-10.k",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3a868d0c-538f-968b-0191-bddb44da5b75",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0602.06g1Organizational.3-06.g",
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0791.10b2Organizational.4-10.b",
    - "hipaa-1788.10a2Organizational.2-10.a",
    - "hipaa-1795.10a2Organizational.13-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2927e340-60e4-43ad-6b5f-7a1468232cc2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0604.06g2Organizational.2-06.g",
    - "hipaa-069.06g2Organizational.56-06.g",
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-0835.09n1Organizational.1-09.n"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5fc24b95-53f7-0ed1-2330-701b539b97fe",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0604.06g2Organizational.2-06.g",
    - "hipaa-069.06g2Organizational.56-06.g",
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-0835.09n1Organizational.1-09.n",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1218.09ab3System.47-09.ab",
    - "hipaa-1512.11a2Organizational.8-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9b55929b-0101-47c0-a16e-d6ac5c7d21f8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0604.06g2Organizational.2-06.g",
    - "hipaa-069.06g2Organizational.56-06.g",
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-0835.09n1Organizational.1-09.n",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1408.09e1System.1-09.e",
    - "hipaa-1411.09f1System.1-09.f",
    - "hipaa-1422.05j2Organizational.3-05.j",
    - "hipaa-1423.05j2Organizational.4-05.j",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-1450.05i2Organizational.2-05.i",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1453.05kCSPOrganizational.2-05.k",
    - "hipaa-1454.05kCSPOrganizational.3-05.k",
    - "hipaa-1455.05kCSPOrganizational.4-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3baee3fd-30f5-882c-018c-cc78703a0106",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0604.06g2Organizational.2-06.g",
    - "hipaa-068.06g2Organizational.34-06.g"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6a379d74-903b-244a-4c44-838728bea6b0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0604.06g2Organizational.2-06.g"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "585af6e9-90c0-4575-67a7-2f9548972e32",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0605.10h1System.12-10.h"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaseline_SecurityOptionsAudit",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits: {1 item
      - value: "[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0605.10h1System.12-10.h"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaseline_SystemAuditPoliciesAccountManagement",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0605.10h1System.12-10.h"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5e4e9685-3818-5934-0071-2620c4fa2ca5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0627.10h1System.45-10.h",
    - "hipaa-0643.10k3Organizational.3-10.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "055da733-55c6-9e10-8194-c40731057ec4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1734.03d2Organizational.1-03.d",
    - "hipaa-1735.03d2Organizational.23-03.d",
    - "hipaa-1788.10a2Organizational.2-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "575ed5e8-4c29-99d0-0e4d-689fb1d29827",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0618.09b1System.1-09.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c72fc0c8-2df8-7506-30be-6ba1971747e1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0671.10k1System.1-10.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b33d61c1-7463-7025-0ec0-a47585b59147",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0618.09b1System.1-09.b",
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0791.10b2Organizational.4-10.b",
    - "hipaa-17101.10a3Organizational.6-10.a",
    - "hipaa-1788.10a2Organizational.2-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b53aa659-513e-032c-52e6-1ce0ba46582f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0627.10h1System.45-10.h",
    - "hipaa-0639.10k2Organizational.78-10.k",
    - "hipaa-0642.10k3Organizational.12-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0710.10m2Organizational.1-10.m",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2f20840e-7925-221c-725d-757442753e7c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0627.10h1System.45-10.h",
    - "hipaa-0636.10k2Organizational.1-10.k",
    - "hipaa-0637.10k2Organizational.2-10.k",
    - "hipaa-0639.10k2Organizational.78-10.k",
    - "hipaa-0642.10k3Organizational.12-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0710.10m2Organizational.1-10.m",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7380631c-5bf5-0e3a-4509-0873becd8a63",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0627.10h1System.45-10.h",
    - "hipaa-0639.10k2Organizational.78-10.k",
    - "hipaa-0642.10k3Organizational.12-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0710.10m2Organizational.1-10.m",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "526ed90e-890f-69e7-0386-ba5c0f1f784f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0627.10h1System.45-10.h",
    - "hipaa-0636.10k2Organizational.1-10.k",
    - "hipaa-0637.10k2Organizational.2-10.k",
    - "hipaa-0639.10k2Organizational.78-10.k",
    - "hipaa-0642.10k3Organizational.12-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0710.10m2Organizational.1-10.m",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "33832848-42ab-63f3-1a55-c0ad309d44cd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0627.10h1System.45-10.h",
    - "hipaa-0636.10k2Organizational.1-10.k",
    - "hipaa-0637.10k2Organizational.2-10.k",
    - "hipaa-0639.10k2Organizational.78-10.k",
    - "hipaa-0642.10k3Organizational.12-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0710.10m2Organizational.1-10.m",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "34aac8b2-488a-2b96-7280-5b9b481a317a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0628.10h1System.6-10.h",
    - "hipaa-0635.10k1Organizational.12-10.k",
    - "hipaa-0713.10m2Organizational.5-10.m",
    - "hipaa-0786.10m2Organizational.13-10.m",
    - "hipaa-0787.10m2Organizational.14-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0635.10k1Organizational.12-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-1790.10a2Organizational.45-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaseline_SystemAuditPoliciesDetailedTracking",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - AuditProcessTermination: {1 item
      - value: "[parameters('DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination')]"
      }
    },
  - groupNames: [10 items
    - "hipaa-0635.10k1Organizational.12-10.k",
    - "hipaa-0636.10k2Organizational.1-10.k",
    - "hipaa-0637.10k2Organizational.2-10.k",
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0639.10k2Organizational.78-10.k",
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0641.10k2Organizational.11-10.k",
    - "hipaa-0642.10k3Organizational.12-10.k",
    - "hipaa-0643.10k3Organizational.3-10.k",
    - "hipaa-0644.10k3Organizational.4-10.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "836f8406-3b8a-11bb-12cb-6c7fa0765668",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0636.10k2Organizational.1-10.k",
    - "hipaa-0637.10k2Organizational.2-10.k",
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "874a6f2e-2098-53bc-3a16-20dcdc425a7e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0636.10k2Organizational.1-10.k",
    - "hipaa-0637.10k2Organizational.2-10.k",
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5c40f27b-6791-18c5-3f85-7b863bd99c11",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0671.10k1System.1-10.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7d10debd-4775-85a7-1a41-7e128e0e8c50",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0638.10k2Organizational.34569-10.k",
    - "hipaa-0671.10k1System.1-10.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0638.10k2Organizational.34569-10.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "67ada943-8539-083d-35d0-7af648974125",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-1450.05i2Organizational.2-05.i",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1453.05kCSPOrganizational.2-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0803eaa7-671c-08a7-52fd-ac419f775e75",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-17100.10a3Organizational.5",
    - "hipaa-17120.10a3Organizational.5-10.a",
    - "hipaa-1783.10a1Organizational.56-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f9ec3263-9562-1768-65a1-729793635a8d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-17100.10a3Organizational.5",
    - "hipaa-17120.10a3Organizational.5-10.a",
    - "hipaa-1783.10a1Organizational.56-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d78f95ba-870a-a500-6104-8a5ce2534f19",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-17100.10a3Organizational.5",
    - "hipaa-17120.10a3Organizational.5-10.a",
    - "hipaa-1783.10a1Organizational.56-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0ba211ef-0e85-2a45-17fc-401d1b3f8f85",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-17100.10a3Organizational.5",
    - "hipaa-17120.10a3Organizational.5-10.a",
    - "hipaa-1783.10a1Organizational.56-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "13efd2d7-3980-a2a4-39d0-527180c009e8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-17100.10a3Organizational.5",
    - "hipaa-17120.10a3Organizational.5-10.a",
    - "hipaa-1783.10a1Organizational.56-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a465e8e9-0095-85cb-a05f-1dd4960d02af",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-17100.10a3Organizational.5",
    - "hipaa-17120.10a3Organizational.5-10.a",
    - "hipaa-1783.10a1Organizational.56-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "57927290-8000-59bf-3776-90c468ac5b4b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-17100.10a3Organizational.5",
    - "hipaa-17120.10a3Organizational.5-10.a",
    - "hipaa-1783.10a1Organizational.56-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ebb0ba89-6d8c-84a7-252b-7393881e43de",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1004.01d1System.8913-01.d",
    - "hipaa-1005.01d1System.1011-01.d",
    - "hipaa-1009.01d2System.4-01.d",
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1022.01d1System.15-01.d",
    - "hipaa-1031.01d1System.34510-01.d",
    - "hipaa-1116.01j1Organizational.145-01.j",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c148208b-1a6f-a4ac-7abc-23b1d41121b1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0791.10b2Organizational.4-10.b",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "77acc53d-0f67-6e06-7d04-5750653d4629",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1406.05k1Organizational.110-05.k",
    - "hipaa-1409.09e2System.1-09.e",
    - "hipaa-1410.09e2System.23-09.e",
    - "hipaa-1416.10l1Organizational.1-10.l",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1419.05j1Organizational.12-05.j",
    - "hipaa-1421.05j2Organizational.12-05.j",
    - "hipaa-1429.05k1Organizational.34-05.k",
    - "hipaa-1430.05k1Organizational.56-05.k",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-17100.10a3Organizational.5",
    - "hipaa-17120.10a3Organizational.5-10.a",
    - "hipaa-1783.10a1Organizational.56-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "318b2bd9-9c39-9f8b-46a7-048401f33476",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0791.10b2Organizational.4-10.b",
    - "hipaa-17101.10a3Organizational.6-10.a",
    - "hipaa-1788.10a2Organizational.2-10.a",
    - "hipaa-1795.10a2Organizational.13-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6de65dc4-8b4f-34b7-9290-eb137a2e2929",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0791.10b2Organizational.4-10.b",
    - "hipaa-17101.10a3Organizational.6-10.a",
    - "hipaa-1788.10a2Organizational.2-10.a",
    - "hipaa-1795.10a2Organizational.13-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e750ca06-1824-464a-2cf3-d0fa754d1cb4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-0669.10hCSPSystem.1-10.h",
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0791.10b2Organizational.4-10.b",
    - "hipaa-17101.10a3Organizational.6-10.a",
    - "hipaa-1788.10a2Organizational.2-10.a",
    - "hipaa-1795.10a2Organizational.13-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f8a63511-66f1-503f-196d-d6217ee0823a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0640.10k2Organizational.1012-10.k",
    - "hipaa-1417.10l2Organizational.1-10.l",
    - "hipaa-1794.10a2Organizational.12-10.a",
    - "hipaa-1795.10a2Organizational.13-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "623b5f0a-8cbd-03a6-4892-201d27302f0c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-1108.01b1System.3-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1130.01v2System.1-01.v",
    - "hipaa-1139.01b1System.68-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4c6df5ff-4ef2-4f17-a516-0da9189c603b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-1108.01b1System.3-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1130.01v2System.1-01.v"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a08b18c7-9e0a-89f1-3696-d80902196719",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1130.01v2System.1-01.v",
    - "hipaa-1139.01b1System.68-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "97cfd944-6f0c-7db2-3796-8e890ef70819",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1130.01v2System.1-01.v",
    - "hipaa-1139.01b1System.68-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "873895e8-0e3a-6492-42e9-22cd030e9fcd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-11180.01c3System.6-01.c",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1130.01v2System.1-01.v",
    - "hipaa-1139.01b1System.68-01.b",
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1145.01c2System.1-01.c",
    - "hipaa-1146.01c2System.23-01.c",
    - "hipaa-1148.01c2System.78-01.c",
    - "hipaa-1151.01c3System.1-01.c",
    - "hipaa-1152.01c3System.2-01.c",
    - "hipaa-1214.09ab2System.3456-09.ab",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1270.09ad1System.12-09.ad"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4b8fd5da-609b-33bf-9724-1c946285a14c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1108.01b1System.3-01.b",
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1166.01e1System.12-01.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "79f081c7-1634-01a1-708e-376197999289",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/79f081c7-1634-01a1-708e-376197999289 Review user accounts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1166.01e1System.12-01.e",
    - "hipaa-1808.08b2Organizational.7-08.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f7eb1d0b-6d4f-2d59-1591-7563e11a9313",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1111.01b2System.1-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1124.01q1System.34-01.q",
    - "hipaa-1139.01b1System.68-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2f204e72-1896-3bf8-75c9-9128b8683a36",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0644.10k3Organizational.4-10.k",
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1015.01d1System.14-01.d",
    - "hipaa-1110.01b1System.5-01.b",
    - "hipaa-1111.01b2System.1-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1124.01q1System.34-01.q",
    - "hipaa-1139.01b1System.68-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "19dd1db6-f442-49cf-a838-b0786b4401ef",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0662.09sCSPOrganizational.2-09.s",
    - "hipaa-0915.09s2Organizational.2-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0670.10hCSPSystem.2-10.h",
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1210.09aa3System.3-09.aa",
    - "hipaa-1211.09aa3System.4-09.aa",
    - "hipaa-1826.09p1Organizational.1-09.p",
    - "hipaa-1904.06.d2Organizational.1-06.d",
    - "hipaa-1908.06.c1Organizational.4-06.c",
    - "hipaa-19142.06c1Organizational.8-06.c",
    - "hipaa-19144.06c2Organizational.1-06.c",
    - "hipaa-19145.06c2Organizational.2-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b5a4be05-3997-1731-3260-98be653610f6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0670.10hCSPSystem.2-10.h",
    - "hipaa-1211.09aa3System.4-09.aa",
    - "hipaa-1713.03c1Organizational.3-03.c",
    - "hipaa-1826.09p1Organizational.1-09.p",
    - "hipaa-1904.06.d2Organizational.1-06.d",
    - "hipaa-19142.06c1Organizational.8-06.c",
    - "hipaa-19144.06c2Organizational.1-06.c",
    - "hipaa-19145.06c2Organizational.2-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c6b877a6-5d6d-1862-4b7f-3ccc30b25b63",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0670.10hCSPSystem.2-10.h",
    - "hipaa-1211.09aa3System.4-09.aa",
    - "hipaa-1713.03c1Organizational.3-03.c",
    - "hipaa-1826.09p1Organizational.1-09.p",
    - "hipaa-1904.06.d2Organizational.1-06.d",
    - "hipaa-19142.06c1Organizational.8-06.c",
    - "hipaa-19144.06c2Organizational.1-06.c",
    - "hipaa-19145.06c2Organizational.2-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "085467a6-9679-5c65-584a-f55acefd0d43",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0671.10k1System.1-10.k",
    - "hipaa-0791.10b2Organizational.4-10.b",
    - "hipaa-17101.10a3Organizational.6-10.a",
    - "hipaa-1788.10a2Organizational.2-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8e920169-739d-40b5-3f99-c4d855327bb2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0672.10k3System.5-10.k",
    - "hipaa-1206.09aa2System.23-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "043c1e56-5a16-52f8-6af8-583098ff3e60",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0701.07a1Organizational.12-07.a",
    - "hipaa-0703.07a2Organizational.1-07.a",
    - "hipaa-0704.07a3Organizational.12-07.a",
    - "hipaa-0720.07a1Organizational.4-07.a",
    - "hipaa-0725.07a3Organizational.5-07.a",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1621.09l2Organizational.1-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "27965e62-141f-8cca-426f-d09514ee5216",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0701.07a1Organizational.12-07.a",
    - "hipaa-0703.07a2Organizational.1-07.a",
    - "hipaa-0704.07a3Organizational.12-07.a",
    - "hipaa-0725.07a3Organizational.5-07.a",
    - "hipaa-1192.01l1Organizational.1-01.l",
    - "hipaa-1193.01l2Organizational.13-01.l",
    - "hipaa-1811.08b3Organizational.3-08.b",
    - "hipaa-1845.08b1Organizational.7-08.b",
    - "hipaa-1847.08b2Organizational.910-08.b",
    - "hipaa-1892.01l1Organizational.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "80a97208-264e-79da-0cc7-4fca179a0c9c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0701.07a1Organizational.12-07.a",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11154.02i1Organizational.5-02.i",
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1135.02i1Organizational.1234-02.i",
    - "hipaa-1136.02i2Organizational.1-02.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0701.07a1Organizational.12-07.a",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11154.02i1Organizational.5-02.i",
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1135.02i1Organizational.1234-02.i",
    - "hipaa-1136.02i2Organizational.1-02.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "496b407d-9b9e-81e8-4ba4-44bc686b016a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0701.07a1Organizational.12-07.a",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11154.02i1Organizational.5-02.i",
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1135.02i1Organizational.1234-02.i",
    - "hipaa-1136.02i2Organizational.1-02.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7c7032fe-9ce6-9092-5890-87a1a3755db1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0701.07a1Organizational.12-07.a",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11154.02i1Organizational.5-02.i",
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1135.02i1Organizational.1234-02.i",
    - "hipaa-1136.02i2Organizational.1-02.i",
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1210.09aa3System.3-09.aa",
    - "hipaa-1908.06.c1Organizational.4-06.c",
    - "hipaa-19142.06c1Organizational.8-06.c",
    - "hipaa-19144.06c2Organizational.1-06.c",
    - "hipaa-19145.06c2Organizational.2-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c79d378a-2521-822a-0407-57454f8d2c74",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0701.07a1Organizational.12-07.a",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11154.02i1Organizational.5-02.i",
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1135.02i1Organizational.1234-02.i",
    - "hipaa-1136.02i2Organizational.1-02.i",
    - "hipaa-1166.01e1System.12-01.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5715bf33-a5bd-1084-4e19-bc3c83ec1c35",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0702.07a1Organizational.3-07.a",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0915.09s2Organizational.2-09.s",
    - "hipaa-1423.05j2Organizational.4-05.j",
    - "hipaa-1911.06d1Organizational.13-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "92ede480-154e-0e22-4dca-8b46a74a3a51",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0703.07a2Organizational.1-07.a",
    - "hipaa-0704.07a3Organizational.12-07.a",
    - "hipaa-0720.07a1Organizational.4-07.a",
    - "hipaa-0725.07a3Organizational.5-07.a",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1621.09l2Organizational.1-09.l",
    - "hipaa-19245.06d2Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "00f12b6f-10d7-8117-9577-0f2b76488385",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0705.07a3Organizational.3-07.a",
    - "hipaa-0706.10b1System.12-10.b",
    - "hipaa-1734.03d2Organizational.1-03.d",
    - "hipaa-1735.03d2Organizational.23-03.d",
    - "hipaa-1781.10a1Organizational.23-10.a",
    - "hipaa-1789.10a2Organizational.3-10.a",
    - "hipaa-1790.10a2Organizational.45-10.a",
    - "hipaa-1791.10a2Organizational.6-10.a",
    - "hipaa-1792.10a2Organizational.7814-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8b1f29eb-1b22-4217-5337-9207cb55231e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0706.10b1System.12-10.b",
    - "hipaa-0733.10b2System.4-10.b",
    - "hipaa-0901.09s1Organizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "vulnerabilityAssessmentOnManagedInstanceMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('vulnerabilityAssessmentOnManagedInstanceMonitoringEffect')]"
      }
    },
  - groupNames: [3 items
    - "hipaa-0709.10m1Organizational.1-10.m",
    - "hipaa-0710.10m2Organizational.1-10.m",
    - "hipaa-0719.10m3Organizational.5-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaseline_SecurityOptionsMicrosoftNetworkServer",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0709.10m1Organizational.1-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "vulnerabilityAssessmentShouldBeEnabledOnVirtualMachines",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0709.10m1Organizational.1-10.m",
    - "hipaa-0711.10m2Organizational.23-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "vulnerabilityAssessmentOnServerMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0709.10m1Organizational.1-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "sqlDbVulnerabilityAssesmentMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved ,
  - definitionVersion: 4.*.*4.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0709.10m1Organizational.1-10.m",
    - "hipaa-0716.10m3Organizational.1-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "611ebc63-8600-50b6-a0e3-fef272457132",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0712.10m2Organizational.4-10.m",
    - "hipaa-0788.10m3Organizational.20-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a90c4d44-7fac-8e02-6d5b-0d92046b20e6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0713.10m2Organizational.5-10.m",
    - "hipaa-0718.10m3Organizational.34-10.m",
    - "hipaa-0787.10m2Organizational.14-10.m",
    - "hipaa-1791.10a2Organizational.6-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "dad1887d-161b-7b61-2e4d-5124a7b5724e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0713.10m2Organizational.5-10.m",
    - "hipaa-0787.10m2Organizational.14-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "dd2523d5-2db3-642b-a1cf-83ac973b32c2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0713.10m2Organizational.5-10.m",
    - "hipaa-0787.10m2Organizational.14-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5b802722-71dd-a13d-2e7e-231e09589efb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0714.10m2Organizational.7-10.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "08c11b48-8745-034d-1c1b-a144feec73b9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0722.07a1Organizational.67-07.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "426c172c-9914-10d1-25dd-669641fc1af4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0724.07a3Organizational.4-07.a",
    - "hipaa-1119.01j2Organizational.3-01.j",
    - "hipaa-1504.06e1Organizational.34-06.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "appServiceShouldUseAVirtualNetworkServiceEndpoint",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0861.09m2Organizational.67-09.m",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "gatewaySubnetsShouldNotBeConfiguredWithANetworkSecurityGroup",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "storageAccountsShouldUseAVirtualNetworkServiceEndpoint",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0867.09m3Organizational.17-09.m",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "sqlServerShouldUseAVirtualNetworkServiceEndpoint",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0862.09m2Organizational.8-09.m",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "containerRegistryShouldUseAVirtualNetworkServiceEndpoint",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*-preview1.0.0-preview,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0868.09m3Organizational.18-09.m",
    - "hipaa-0869.09m3Organizational.19-09.m",
    - "hipaa-0870.09m3Organizational.20-09.m",
    - "hipaa-0871.09m3Organizational.22-09.m",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "virtualMachinesShouldBeConnectedToAnApprovedVirtualNetwork",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('virtualMachinesShouldBeConnectedToAnApprovedVirtualNetworkEffect')]"
      },
    - virtualNetworkId: {1 item
      - value: "[parameters('virtualNetworkId')]"
      }
    },
  - groupNames: [8 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "eventHubShouldUseAVirtualNetworkServiceEndpoint",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cosmosDBShouldUseAVirtualNetworkServiceEndpoint",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0864.09m2Organizational.12-09.m",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "networkSecurityGroupsOnSubnetsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "keyVaultShouldUseAVirtualNetworkServiceEndpoint",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0865.09m2Organizational.13-09.m",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "networkSecurityGroupsOnVirtualMachinesMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0805.01m1Organizational.12-01.m",
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "dd6d00a8-701a-5935-a22b-c7b9c0c698b2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0806.01m2Organizational.12356-01.m",
    - "hipaa-0817.01w2System.123-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d91558ce-5a5c-551b-8fbb-83f793255e09",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0808.10b2System.3-10.b",
    - "hipaa-0815.01o2Organizational.123-01.o",
    - "hipaa-0822.09m2Organizational.4-09.m",
    - "hipaa-0850.01o1Organizational.12-01.o",
    - "hipaa-0870.09m3Organizational.20-09.m",
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b262e1dd-08e9-41d4-963a-258909ad794b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0822.09m2Organizational.4-09.m",
    - "hipaa-0826.09m3Organizational.45-09.m",
    - "hipaa-0829.09m3Organizational.911-09.m",
    - "hipaa-0830.09m3Organizational.1012-09.m",
    - "hipaa-0860.09m1Organizational.9-09.m",
    - "hipaa-0868.09m3Organizational.18-09.m",
    - "hipaa-0870.09m3Organizational.20-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ff1efad2-6b09-54cc-01bf-d386c4d558a8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [15 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-08101.09m2Organizational.14-09.m",
    - "hipaa-08102.09nCSPOrganizational.1-09.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0826.09m3Organizational.45-09.m",
    - "hipaa-0830.09m3Organizational.1012-09.m",
    - "hipaa-0835.09n1Organizational.1-09.n",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0860.09m1Organizational.9-09.m",
    - "hipaa-0864.09m2Organizational.12-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-0868.09m3Organizational.18-09.m",
    - "hipaa-0887.09n2Organizational.5-09.n",
    - "hipaa-0928.09v1Organizational.45-09.v",
    - "hipaa-1119.01j2Organizational.3-01.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e4e1f896-8a93-1151-43c7-0ad23b081ee2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0815.01o2Organizational.123-01.o",
    - "hipaa-0822.09m2Organizational.4-09.m",
    - "hipaa-0825.09m3Organizational.23-09.m",
    - "hipaa-0830.09m3Organizational.1012-09.m",
    - "hipaa-0864.09m2Organizational.12-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-0868.09m3Organizational.18-09.m",
    - "hipaa-1213.09ab2System.128-09.ab",
    - "hipaa-1218.09ab3System.47-09.ab",
    - "hipaa-1220.09ab3System.56-09.ab",
    - "hipaa-1411.09f1System.1-09.f"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bab9ef1d-a16d-421a-822d-3fa94e808156",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [15 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0815.01o2Organizational.123-01.o",
    - "hipaa-0822.09m2Organizational.4-09.m",
    - "hipaa-0825.09m3Organizational.23-09.m",
    - "hipaa-0830.09m3Organizational.1012-09.m",
    - "hipaa-0866.09m3Organizational.1516-09.m",
    - "hipaa-0868.09m3Organizational.18-09.m",
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0912.09s1Organizational.4-09.s",
    - "hipaa-1118.01j2Organizational.124-01.j",
    - "hipaa-1213.09ab2System.128-09.ab",
    - "hipaa-1218.09ab3System.47-09.ab",
    - "hipaa-1220.09ab3System.56-09.ab",
    - "hipaa-1411.09f1System.1-09.f"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInRedisCacheMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]"
      }
    },
  - groupNames: [7 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0946.09y2Organizational.14-09.y",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "secureTransferToStorageAccountMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('secureTransferToStorageAccountMonitoringEffect')]"
      }
    },
  - groupNames: [7 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0943.09y1Organizational.1-09.y",
    - "hipaa-1401.05i1Organizational.1239-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "functionAppEnforceHttpsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0949.09y2Organizational.5-09.y",
    - "hipaa-1402.05i1Organizational.45-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "webAppEnforceHttpsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS ,
  - definitionVersion: 4.*.*4.0.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0949.09y2Organizational.5-09.y",
    - "hipaa-1403.05i1Organizational.67-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "enforceSSLConnectionShouldBeEnabledForPostgreSQLDatabaseServers",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-1450.05i2Organizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "enforceSSLConnectionShouldBeEnabledForMySQLDatabaseServers",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0948.09y2Organizational.3-09.y",
    - "hipaa-1418.05i1Organizational.8-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "webAppRequireLatestTlsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0949.09y2Organizational.5-09.y"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "functionAppRequireLatestTlsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0809.01n2Organizational.1234-01.n",
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0812.01n2Organizational.8-01.n",
    - "hipaa-0814.01n1Organizational.12-01.n",
    - "hipaa-0949.09y2Organizational.5-09.y"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b2d3e5a2-97ab-5497-565a-71172a729d93",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-08101.09m2Organizational.14-09.m",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0862.09m2Organizational.8-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-0903.10f1Organizational.1-10.f",
    - "hipaa-0904.10f2Organizational.1-10.f",
    - "hipaa-0913.09s1Organizational.5-09.s",
    - "hipaa-0926.09v1Organizational.2-09.v",
    - "hipaa-0928.09v1Organizational.45-09.v",
    - "hipaa-0929.09v1Organizational.6-09.v",
    - "hipaa-0943.09y1Organizational.1-09.y",
    - "hipaa-0945.09y1Organizational.3-09.y",
    - "hipaa-099.09m2Organizational.11-09.m",
    - "hipaa-1002.01d1System.1-01.d",
    - "hipaa-1004.01d1System.8913-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "26daf649-22d1-97e9-2a8a-01b182194d59",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [14 items
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-08101.09m2Organizational.14-09.m",
    - "hipaa-0862.09m2Organizational.8-09.m",
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-0903.10f1Organizational.1-10.f",
    - "hipaa-0913.09s1Organizational.5-09.s",
    - "hipaa-0926.09v1Organizational.2-09.v",
    - "hipaa-0928.09v1Organizational.45-09.v",
    - "hipaa-0929.09v1Organizational.6-09.v",
    - "hipaa-0943.09y1Organizational.1-09.y",
    - "hipaa-0944.09y1Organizational.2-09.y",
    - "hipaa-0945.09y1Organizational.3-09.y",
    - "hipaa-0948.09y2Organizational.3-09.y",
    - "hipaa-099.09m2Organizational.11-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "de077e7e-0cc8-65a6-6e08-9ab46c827b05",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0810.01n2Organizational.5-01.n",
    - "hipaa-0913.09s1Organizational.5-09.s",
    - "hipaa-0926.09v1Organizational.2-09.v",
    - "hipaa-0928.09v1Organizational.45-09.v",
    - "hipaa-0929.09v1Organizational.6-09.v",
    - "hipaa-0945.09y1Organizational.3-09.y"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "13ef3484-3a51-785a-9c96-500f21f84edd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0944.09y1Organizational.2-09.y",
    - "hipaa-1131.01v2System.2-01.v",
    - "hipaa-1150.01c2System.10-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "398fdbd8-56fd-274d-35c6-fa2d3b2755a1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0928.09v1Organizational.45-09.v",
    - "hipaa-0929.09v1Organizational.6-09.v",
    - "hipaa-0944.09y1Organizational.2-09.y",
    - "hipaa-1131.01v2System.2-01.v",
    - "hipaa-1150.01c2System.10-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f476f3b0-4152-526e-a209-44e5f8c968d7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0928.09v1Organizational.45-09.v",
    - "hipaa-0929.09v1Organizational.6-09.v",
    - "hipaa-0944.09y1Organizational.2-09.y",
    - "hipaa-1131.01v2System.2-01.v",
    - "hipaa-1150.01c2System.10-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c7fddb0e-3f44-8635-2b35-dc6b8e740b7c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-0811.01n2Organizational.6-01.n",
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-0928.09v1Organizational.45-09.v",
    - "hipaa-0929.09v1Organizational.6-09.v",
    - "hipaa-0944.09y1Organizational.2-09.y",
    - "hipaa-1131.01v2System.2-01.v",
    - "hipaa-1150.01c2System.10-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "dbcef108-7a04-38f5-8609-99da110a2a57",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0811.01n2Organizational.6-01.n"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0812.01n2Organizational.8-01.n"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3f1216b0-30ee-1ac9-3899-63eb744e85f5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0816.01w1System.1-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "be1c34ab-295a-07a6-785c-36f63c1d223e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0816.01w1System.1-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0816.01w1System.1-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "09960521-759e-5d12-086f-4192a72a5e92",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0816.01w1System.1-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "84a01872-5318-049e-061e-d56734183e84",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0816.01w1System.1-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "83eea3d3-0d2c-9ccd-1021-2111b29b2a62",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0817.01w2System.123-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bfc540fe-376c-2eef-4355-121312fa4437",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0817.01w2System.123-01.w",
    - "hipaa-0818.01w3System.12-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "edcc36f1-511b-81e0-7125-abee29752fe7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0818.01w3System.12-01.w"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "096a7055-30cb-2db4-3fda-41b20ac72667",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-0819.09m1Organizational.23-09.m",
    - "hipaa-0832.09m3Organizational.14-09.m",
    - "hipaa-0835.09n1Organizational.1-09.n",
    - "hipaa-0836.09.n2Organizational.1-09.n",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0865.09m2Organizational.13-09.m",
    - "hipaa-0885.09n2Organizational.3-09.n",
    - "hipaa-1119.01j2Organizational.3-01.j",
    - "hipaa-1408.09e1System.1-09.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0819.09m1Organizational.23-09.m",
    - "hipaa-0836.09.n2Organizational.1-09.n",
    - "hipaa-0863.09m2Organizational.910-09.m",
    - "hipaa-0865.09m2Organizational.13-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c246d146-82b0-301f-32e7-1065dcd248b7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0821.09m2Organizational.2-09.m",
    - "hipaa-0828.09m3Organizational.8-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7ded6497-815d-6506-242b-e043e0273928",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-1635.12b1Organizational.2-12.b",
    - "hipaa-1637.12b2Organizational.2-12.b",
    - "hipaa-1638.12b2Organizational.345-12.b",
    - "hipaa-1666.12d1Organizational.1235-12.d",
    - "hipaa-1669.12d1Organizational.8-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "af5ff768-a34b-720e-1224-e6b3214f3ba6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-0860.09m1Organizational.9-09.m",
    - "hipaa-1464.09e2Organizational.5-09.e",
    - "hipaa-1604.12c2Organizational.16789-12.c",
    - "hipaa-1668.12d1Organizational.67-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "fc26e2fd-3149-74b4-5988-d64bb90f8ef7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0824.09m3Organizational.1-09.m",
    - "hipaa-0860.09m1Organizational.9-09.m",
    - "hipaa-1608.12c2Organizational.5-12.c",
    - "hipaa-1618.09l1Organizational.45-09.l",
    - "hipaa-1620.09l1Organizational.8-09.l",
    - "hipaa-1622.09l2Organizational.23-09.l",
    - "hipaa-1627.09l3Organizational.6-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d9af7f88-686a-5a8b-704b-eafdab278977",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0825.09m3Organizational.23-09.m",
    - "hipaa-1212.09ab1System.1-09.ab",
    - "hipaa-1524.11a1Organizational.5-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7fc1f0da-0050-19bb-3d75-81ae15940df6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0825.09m3Organizational.23-09.m",
    - "hipaa-1212.09ab1System.1-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e336d5f4-4d8f-0059-759c-ae10f63d1747",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0830.09m3Organizational.1012-09.m",
    - "hipaa-0870.09m3Organizational.20-09.m",
    - "hipaa-0927.09v1Organizational.3-09.v",
    - "hipaa-11109.01q1Organizational.57-01.q",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1122.01q1System.1-01.q",
    - "hipaa-1125.01q2System.1-01.q",
    - "hipaa-1175.01j1Organizational.8-01.j",
    - "hipaa-1178.01j2Organizational.7-01.j",
    - "hipaa-1424.05j2Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1d39b5d9-0392-8954-8359-575ce1957d1a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-0830.09m3Organizational.1012-09.m",
    - "hipaa-0870.09m3Organizational.20-09.m",
    - "hipaa-0927.09v1Organizational.3-09.v",
    - "hipaa-11109.01q1Organizational.57-01.q",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1122.01q1System.1-01.q",
    - "hipaa-1125.01q2System.1-01.q",
    - "hipaa-1175.01j1Organizational.8-01.j",
    - "hipaa-1178.01j2Organizational.7-01.j",
    - "hipaa-1424.05j2Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d48a6f19-a284-6fc6-0623-3367a74d3f50",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0832.09m3Organizational.14-09.m",
    - "hipaa-0836.09.n2Organizational.1-09.n",
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0865.09m2Organizational.13-09.m",
    - "hipaa-0885.09n2Organizational.3-09.n",
    - "hipaa-1408.09e1System.1-09.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ced727b3-005e-3c5b-5cd5-230b79d56ee8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0832.09m3Organizational.14-09.m",
    - "hipaa-0871.09m3Organizational.22-09.m",
    - "hipaa-0926.09v1Organizational.2-09.v",
    - "hipaa-0929.09v1Organizational.6-09.v"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "classicComputeVMsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('classicComputeVMsMonitoringEffect')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0835.09n1Organizational.1-09.n"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "networkTrafficDataCollectionAgentShouldBeInstalledOnWindowsVirtualMachines",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines ,
  - definitionVersion: 1.*.*-preview1.0.2-preview,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0835.09n1Organizational.1-09.n",
    - "hipaa-0887.09n2Organizational.5-09.n"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "networkTrafficDataCollectionAgentShouldBeInstalledOnLinuxVirtualMachines",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines ,
  - definitionVersion: 1.*.*-preview1.0.2-preview,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0836.09.n2Organizational.1-09.n",
    - "hipaa-0885.09n2Organizational.3-09.n"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4e45863d-9ea9-32b4-a204-2680bc6007a6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1408.09e1System.1-09.e",
    - "hipaa-1411.09f1System.1-09.f",
    - "hipaa-1422.05j2Organizational.3-05.j",
    - "hipaa-1423.05j2Organizational.4-05.j",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-1450.05i2Organizational.2-05.i",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1453.05kCSPOrganizational.2-05.k",
    - "hipaa-1454.05kCSPOrganizational.3-05.k",
    - "hipaa-1455.05kCSPOrganizational.4-05.k",
    - "hipaa-1524.11a1Organizational.5-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cbfa1bd0-714d-8d6f-0480-2ad6a53972df",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1408.09e1System.1-09.e",
    - "hipaa-1450.05i2Organizational.2-05.i",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1454.05kCSPOrganizational.3-05.k",
    - "hipaa-1455.05kCSPOrganizational.4-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ffea18d9-13de-6505-37f3-4c1f88070ad7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1408.09e1System.1-09.e",
    - "hipaa-1411.09f1System.1-09.f",
    - "hipaa-1422.05j2Organizational.3-05.j",
    - "hipaa-1423.05j2Organizational.4-05.j",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-1450.05i2Organizational.2-05.i",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1453.05kCSPOrganizational.2-05.k",
    - "hipaa-1454.05kCSPOrganizational.3-05.k",
    - "hipaa-1455.05kCSPOrganizational.4-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "46ab2c5e-6654-1f58-8c83-e97a44f39308",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0870.09m3Organizational.20-09.m",
    - "hipaa-0949.09y2Organizational.5-09.y",
    - "hipaa-0960.09sCSPOrganizational.1-09.s",
    - "hipaa-1422.05j2Organizational.3-05.j",
    - "hipaa-1454.05kCSPOrganizational.3-05.k",
    - "hipaa-1786.10a1Organizational.9-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3eabed6d-1912-2d3c-858b-f438d08d0412",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n",
    - "hipaa-1422.05j2Organizational.3-05.j",
    - "hipaa-1423.05j2Organizational.4-05.j",
    - "hipaa-1438.09e2System.4-09.e",
    - "hipaa-1453.05kCSPOrganizational.2-05.k",
    - "hipaa-1577.11aCSPOrganizational.1-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "networkWatcherShouldBeEnabled",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - resourceGroupName: {1 item
      - value: "[parameters('NetworkWatcherResourceGroupName')]"
      }
    },
  - groupNames: [3 items
    - "hipaa-0837.09.n2Organizational.2-09.n",
    - "hipaa-0886.09n2Organizational.4-09.n",
    - "hipaa-0888.09n2Organizational.6-09.n"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaseline_WindowsFirewallProperties",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {19 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - WindowsFirewallDomainUseProfileSettings: {1 item
      - value: "[parameters('WindowsFirewallDomainUseProfileSettings')]"
      },
    - WindowsFirewallDomainBehaviorForOutboundConnections: {1 item
      - value: "[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]"
      },
    - WindowsFirewallDomainApplyLocalConnectionSecurityRules: {1 item
      - value: "[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]"
      },
    - WindowsFirewallDomainApplyLocalFirewallRules: {1 item
      - value: "[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]"
      },
    - WindowsFirewallDomainDisplayNotifications: {1 item
      - value: "[parameters('WindowsFirewallDomainDisplayNotifications')]"
      },
    - WindowsFirewallPrivateUseProfileSettings: {1 item
      - value: "[parameters('WindowsFirewallPrivateUseProfileSettings')]"
      },
    - WindowsFirewallPrivateBehaviorForOutboundConnections: {1 item
      - value: "[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]"
      },
    - WindowsFirewallPrivateApplyLocalConnectionSecurityRules: {1 item
      - value: "[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]"
      },
    - WindowsFirewallPrivateApplyLocalFirewallRules: {1 item
      - value: "[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]"
      },
    - WindowsFirewallPrivateDisplayNotifications: {1 item
      - value: "[parameters('WindowsFirewallPrivateDisplayNotifications')]"
      },
    - WindowsFirewallPublicUseProfileSettings: {1 item
      - value: "[parameters('WindowsFirewallPublicUseProfileSettings')]"
      },
    - WindowsFirewallPublicBehaviorForOutboundConnections: {1 item
      - value: "[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]"
      },
    - WindowsFirewallPublicApplyLocalConnectionSecurityRules: {1 item
      - value: "[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]"
      },
    - WindowsFirewallPublicApplyLocalFirewallRules: {1 item
      - value: "[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]"
      },
    - WindowsFirewallPublicDisplayNotifications: {1 item
      - value: "[parameters('WindowsFirewallPublicDisplayNotifications')]"
      },
    - WindowsFirewallDomainAllowUnicastResponse: {1 item
      - value: "[parameters('WindowsFirewallDomainAllowUnicastResponse')]"
      },
    - WindowsFirewallPrivateAllowUnicastResponse: {1 item
      - value: "[parameters('WindowsFirewallPrivateAllowUnicastResponse')]"
      },
    - WindowsFirewallPublicAllowUnicastResponse: {1 item
      - value: "[parameters('WindowsFirewallPublicAllowUnicastResponse')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0858.09m1Organizational.4-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "nextGenerationFirewallMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('nextGenerationFirewallMonitoringEffect')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0858.09m1Organizational.4-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "jitNetworkAccessMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('jitNetworkAccessMonitoringEffect')]"
      }
    },
  - groupNames: [6 items
    - "hipaa-0858.09m1Organizational.4-09.m",
    - "hipaa-11180.01c3System.6-01.c",
    - "hipaa-1119.01j2Organizational.3-01.j",
    - "hipaa-1175.01j1Organizational.8-01.j",
    - "hipaa-1179.01j3Organizational.1-01.j",
    - "hipaa-1192.01l1Organizational.1-01.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "60ee1260-97f0-61bb-8155-5d8b75743655",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [15 items
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-11219.01b1Organizational.10-01.b",
    - "hipaa-1229.09c1Organizational.1-09.c",
    - "hipaa-1230.09c2Organizational.1-09.c",
    - "hipaa-1231.09c2Organizational.23-09.c",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1233.09c3Organizational.3-09.c",
    - "hipaa-1271.09ad1System.1-09.ad",
    - "hipaa-1271.09ad2System.1",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1277.09c2Organizational.4-09.c",
    - "hipaa-1278.09c2Organizational.56-09.c",
    - "hipaa-1279.09c3Organizational.4-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1808.08b2Organizational.7-08.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e6f7b584-877a-0d69-77d4-ab8b923a9650",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-11219.01b1Organizational.10-01.b",
    - "hipaa-1229.09c1Organizational.1-09.c",
    - "hipaa-1231.09c2Organizational.23-09.c",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1233.09c3Organizational.3-09.c",
    - "hipaa-1271.09ad1System.1-09.ad",
    - "hipaa-1271.09ad2System.1",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1277.09c2Organizational.4-09.c",
    - "hipaa-1278.09c2Organizational.56-09.c",
    - "hipaa-1279.09c3Organizational.4-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "341bc9f1-7489-07d9-4ec6-971573e1546a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-0859.09m1Organizational.78-09.m",
    - "hipaa-11219.01b1Organizational.10-01.b",
    - "hipaa-1229.09c1Organizational.1-09.c",
    - "hipaa-1231.09c2Organizational.23-09.c",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1233.09c3Organizational.3-09.c",
    - "hipaa-1271.09ad1System.1-09.ad",
    - "hipaa-1271.09ad2System.1",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1277.09c2Organizational.4-09.c",
    - "hipaa-1278.09c2Organizational.56-09.c",
    - "hipaa-1279.09c3Organizational.4-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "DeployDiagnosticSettingsforNetworkSecurityGroups",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Deploy Diagnostic Settings for Network Security Groups ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {2 items
    - storagePrefix: {1 item
      - value: "[parameters('DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix')]"
      },
    - rgName: {1 item
      - value: "[parameters('DeployDiagnosticSettingsforNetworkSecurityGroupsrgName')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0860.09m1Organizational.9-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e1379836-3492-6395-451d-2f5062e14136",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0861.09m2Organizational.67-09.m",
    - "hipaa-0870.09m3Organizational.20-09.m",
    - "hipaa-1006.01d2System.1-01.d",
    - "hipaa-1122.01q1System.1-01.q",
    - "hipaa-1424.05j2Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaseline_SecurityOptionsNetworkAccess",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {4 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - NetworkAccessRemotelyAccessibleRegistryPaths: {1 item
      - value: "[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]"
      },
    - NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths: {1 item
      - value: "[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]"
      },
    - NetworkAccessSharesThatCanBeAccessedAnonymously: {1 item
      - value: "[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0861.09m2Organizational.67-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "68a39c2b-0f17-69ee-37a3-aa10f9853a08",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0864.09m2Organizational.12-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "80029bc5-834f-3a9c-a2d8-acbc1aab4e9f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0865.09m2Organizational.13-09.m",
    - "hipaa-0886.09n2Organizational.4-09.n"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "disableUnrestrictedNetworkToStorageAccountMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0866.09m3Organizational.1516-09.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bbb2e6d6-085f-5a35-a55d-e45daad38933",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0871.09m3Organizational.22-09.m",
    - "hipaa-0926.09v1Organizational.2-09.v",
    - "hipaa-0929.09v1Organizational.6-09.v"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f6da5cca-5795-60ff-49e1-4972567815fe",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0887.09n2Organizational.5-09.n",
    - "hipaa-0949.09y2Organizational.5-09.y",
    - "hipaa-1786.10a1Organizational.9-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "Deploynetworkwatcherwhenvirtualnetworksarecreated",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0894.01m2Organizational.7-01.m"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "93fa357f-2e38-22a9-5138-8cc5124e1923",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-19143.06c1Organizational.9-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "11ba0508-58a8-44de-5f3a-9e05d80571da",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-19143.06c1Organizational.9-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e23444b9-9662-40f3-289e-6d25c02b48fa",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-1908.06.c1Organizational.4-06.c",
    - "hipaa-19141.06c1Organizational.7-06.c",
    - "hipaa-19142.06c1Organizational.8-06.c",
    - "hipaa-19143.06c1Organizational.9-06.c",
    - "hipaa-19144.06c2Organizational.1-06.c",
    - "hipaa-19145.06c2Organizational.2-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6c79c3e5-5f7b-a48a-5c7b-8c158bc01115",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-19143.06c1Organizational.9-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3c9aa856-6b86-35dc-83f4-bc72cec74dea",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1132.01v2System.3-01.v",
    - "hipaa-1134.01v3System.1-01.v",
    - "hipaa-1903.06d1Organizational.3456711-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "webAppRestrictCORSAccessMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0901.09s1Organizational.1-09.s",
    - "hipaa-0916.09s2Organizational.4-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "83dfb2b8-678b-20a0-4c44-5c75ada023e6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0912.09s1Organizational.4-09.s",
    - "hipaa-1118.01j2Organizational.124-01.j",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1179.01j3Organizational.1-01.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3d492600-27ba-62cc-a1c3-66eb919f6a0d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0912.09s1Organizational.4-09.s",
    - "hipaa-1118.01j2Organizational.124-01.j",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1179.01j3Organizational.1-01.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "518eafdd-08e5-37a9-795b-15a8d798056d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0912.09s1Organizational.4-09.s",
    - "hipaa-1118.01j2Organizational.124-01.j",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1128.01q2System.5-01.q",
    - "hipaa-1179.01j3Organizational.1-01.j",
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1304.02e3Organizational.1-02.e",
    - "hipaa-1310.01y1Organizational.9-01.y",
    - "hipaa-1314.02e2Organizational.5-02.e",
    - "hipaa-1315.02e2Organizational.67-02.e",
    - "hipaa-1325.09s1Organizational.3-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "48c816c5-2190-61fc-8806-25d6f3df162f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0912.09s1Organizational.4-09.s",
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-1118.01j2Organizational.124-01.j",
    - "hipaa-1179.01j3Organizational.1-01.j",
    - "hipaa-1208.09aa3System.1-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "fe2dff43-0a8c-95df-0432-cb1c794b17d0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0912.09s1Organizational.4-09.s",
    - "hipaa-1008.01d2System.3-01.d",
    - "hipaa-1118.01j2Organizational.124-01.j",
    - "hipaa-1121.01j3Organizational.2-01.j",
    - "hipaa-1903.06d1Organizational.3456711-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "01c387ea-383d-4ca9-295a-977fab516b03",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0902.09s2Organizational.13-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4edaca8c-0912-1ac5-9eaa-6a1057740fae",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0902.09s2Organizational.13-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3c93dba1-84fd-57de-33c7-ef0400a08134",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0915.09s2Organizational.2-09.s",
    - "hipaa-1423.05j2Organizational.4-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "functionAppRestrictCORSAccessMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0902.09s2Organizational.13-09.s",
    - "hipaa-0960.09sCSPOrganizational.1-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6f1de470-79f3-1572-866e-db0771352fc8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0904.10f2Organizational.1-10.f",
    - "hipaa-0945.09y1Organizational.3-09.y",
    - "hipaa-1005.01d1System.1011-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "16c54e01-9e65-7524-7c33-beda48a75779",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-0904.10f2Organizational.1-10.f",
    - "hipaa-1005.01d1System.1011-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "webAppDisableRemoteDebuggingMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]"
      }
    },
  - groupNames: [2 items
    - "hipaa-0912.09s1Organizational.4-09.s",
    - "hipaa-1194.01l2Organizational.2-01.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "functionAppDisableRemoteDebuggingMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0913.09s1Organizational.5-09.s",
    - "hipaa-1195.01l3Organizational.1-01.l",
    - "hipaa-1325.09s1Organizational.3-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "62fa14f0-4cbe-762d-5469-0899a99b98aa",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0916.09s2Organizational.4-09.s"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "18e7906d-4197-20fa-2f14-aaac21864e71",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/18e7906d-4197-20fa-2f14-aaac21864e71 Document process to ensure integrity of PII ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0943.09y1Organizational.1-09.y"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "Audit_WindowsCertificateInTrustedRoot",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - CertificateThumbprints: {1 item
      - value: "[parameters('CertificateThumbprints')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-0945.09y1Organizational.3-09.y"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0a412110-3874-9f22-187a-c7a81c8a6704",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-1604.12c2Organizational.16789-12.c",
    - "hipaa-1618.09l1Organizational.45-09.l",
    - "hipaa-1668.12d1Organizational.67-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "178c8b7e-1b6e-4289-44dd-2f1526b678a1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-1464.09e2Organizational.5-09.e",
    - "hipaa-1604.12c2Organizational.16789-12.c",
    - "hipaa-1618.09l1Organizational.45-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "81b6267b-97a7-9aa5-51ee-d2584a160424",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-1464.09e2Organizational.5-09.e",
    - "hipaa-1604.12c2Organizational.16789-12.c",
    - "hipaa-1618.09l1Organizational.45-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7bdb79ea-16b8-453e-4ca4-ad5b16012414",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0947.09y2Organizational.2-09.y",
    - "hipaa-1608.12c2Organizational.5-12.c",
    - "hipaa-1620.09l1Organizational.8-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0040d2e5-2779-170d-6a2c-1f5fca353335",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0947.09y2Organizational.2-09.y"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "098dcde7-016a-06c3-0985-0daaf3301d3a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0948.09y2Organizational.3-09.y",
    - "hipaa-1112.01b2System.2-01.b",
    - "hipaa-1127.01q2System.3-01.q"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "056a723b-4946-9d2a-5243-3aa27c4d31a1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-0948.09y2Organizational.3-09.y",
    - "hipaa-11112.01q2Organizational.67-01.q",
    - "hipaa-1112.01b2System.2-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c7d57a6a-7cc2-66c0-299f-83bf90558f5d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-0948.09y2Organizational.3-09.y"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1ff03f2a-974b-3272-34f2-f6cd51420b30",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1002.01d1System.1-01.d",
    - "hipaa-1006.01d2System.1-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "72889284-15d2-90b2-4b39-a1e9541e1152",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-1003.01d1System.3-01.d",
    - "hipaa-1004.01d1System.8913-01.d",
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1015.01d1System.14-01.d",
    - "hipaa-1106.01b1System.1-01.b",
    - "hipaa-1107.01b1System.2-01.b",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11111.01q2System.4-01.q",
    - "hipaa-1112.01b2System.2-01.b",
    - "hipaa-1116.01j1Organizational.145-01.j",
    - "hipaa-1424.05j2Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3ae68d9a-5696-8c32-62d3-c6f9c52e437c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-1003.01d1System.3-01.d",
    - "hipaa-1004.01d1System.8913-01.d",
    - "hipaa-1009.01d2System.4-01.d",
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1022.01d1System.15-01.d",
    - "hipaa-1031.01d1System.34510-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4aacaec9-0628-272c-3e83-0d68446694e0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-1004.01d1System.8913-01.d",
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1031.01d1System.34510-01.d",
    - "hipaa-1107.01b1System.2-01.b",
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11220.01b1System.10-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "29363ae1-68cd-01ca-799d-92c9197c8404",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1004.01d1System.8913-01.d",
    - "hipaa-1014.01d1System.12-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d8bbd80e-3bb1-5983-06c2-428526ec6a63",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-1004.01d1System.8913-01.d",
    - "hipaa-1005.01d1System.1011-01.d",
    - "hipaa-1009.01d2System.4-01.d",
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1022.01d1System.15-01.d",
    - "hipaa-1031.01d1System.34510-01.d",
    - "hipaa-1116.01j1Organizational.145-01.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3b30aa25-0f19-6c04-5ca4-bd3f880a763d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-1004.01d1System.8913-01.d",
    - "hipaa-1005.01d1System.1011-01.d",
    - "hipaa-1009.01d2System.4-01.d",
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1022.01d1System.15-01.d",
    - "hipaa-1031.01d1System.34510-01.d",
    - "hipaa-1116.01j1Organizational.145-01.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c2cb4658-44dc-9d11-3dad-7c6802dd5ba3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1006.01d2System.1-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c981fa70-2e58-8141-1457-e7f62ebc2ade",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1008.01d2System.3-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3af53f59-979f-24a8-540f-d7cdbc366607",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1008.01d2System.3-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e21f91d1-2803-0282-5f2d-26ebc4b170ef",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1008.01d2System.3-01.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1015.01d1System.14-01.d",
    - "hipaa-1107.01b1System.2-01.b",
    - "hipaa-11111.01q2System.4-01.q",
    - "hipaa-1112.01b2System.2-01.b",
    - "hipaa-1116.01j1Organizational.145-01.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "35963d41-4263-0ef9-98d5-70eb058f9e3c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1014.01d1System.12-01.d",
    - "hipaa-1015.01d1System.14-01.d",
    - "hipaa-1031.01d1System.34510-01.d",
    - "hipaa-1107.01b1System.2-01.b",
    - "hipaa-11111.01q2System.4-01.q"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "32f22cfa-770b-057c-965b-450898425519",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1135.02i1Organizational.1234-02.i",
    - "hipaa-1145.01c2System.1-01.c",
    - "hipaa-1151.01c3System.1-01.c",
    - "hipaa-1152.01c3System.2-01.c",
    - "hipaa-1214.09ab2System.3456-09.ab",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e89436d8-6a93-3b62-4444-1d2a42ad56b2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11154.02i1Organizational.5-02.i",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1135.02i1Organizational.1234-02.i",
    - "hipaa-1166.01e1System.12-01.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b8a9bb2f-7290-3259-85ce-dca7d521302d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11154.02i1Organizational.5-02.i",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1135.02i1Organizational.1234-02.i",
    - "hipaa-1166.01e1System.12-01.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "979ed3b6-83f9-26bc-4b86-5b05464700bf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1109.01b1System.479-01.b",
    - "hipaa-11154.02i1Organizational.5-02.i",
    - "hipaa-11220.01b1System.10-01.b",
    - "hipaa-1135.02i1Organizational.1234-02.i",
    - "hipaa-1166.01e1System.12-01.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f29b17a4-0df2-8a50-058a-8570f9979d28",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-11109.01q1Organizational.57-01.q",
    - "hipaa-1167.01e2System.1-01.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4781e5fd-76b8-7d34-6df3-a0a7fca47665",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-11109.01q1Organizational.57-01.q"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ca748dfe-3e28-1d18-4221-89aea30aa0a5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-11109.01q1Organizational.57-01.q",
    - "hipaa-1167.01e2System.1-01.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "identityDesignateLessThanOwnersMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-11112.01q2Organizational.67-01.q",
    - "hipaa-1144.01c1System.4-01.c",
    - "hipaa-1151.01c3System.1-01.c",
    - "hipaa-1154.01c3System.4-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e29a8f1b-149b-2fa3-969d-ebee1baa9472",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1112.01b2System.2-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0716f0f5-4955-2ccb-8d5e-c6be14d57c0f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1112.01b2System.2-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "449ebb52-945b-36e5-3446-af6f33770f8f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1112.01b2System.2-01.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d6653f89-7cb5-24a4-9d71-51581038231b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-11126.01t1Organizational.12-01.t"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d8350d4c-9314-400b-288f-20ddfce04fbd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1114.01h1Organizational.123-01.h"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4502e506-5f35-0df4-684f-b326e3cc7093",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1114.01h1Organizational.123-01.h"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2cc9c165-46bd-9762-5739-d2aae5ba90a1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-1208.09aa3System.1-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "34d38ea7-6754-1838-7031-d7fd07099821",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-1208.09aa3System.1-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8489ff90-8d29-61df-2d84-f9ab0f4c5e84",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-11155.02i2Organizational.2-02.i",
    - "hipaa-1208.09aa3System.1-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "55a7f9a0-6397-7589-05ef-5ed59a8149e7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-11190.01t1Organizational.3-01.t",
    - "hipaa-1192.01l1Organizational.1-01.l",
    - "hipaa-1193.01l2Organizational.13-01.l",
    - "hipaa-1801.08b1Organizational.124-08.b",
    - "hipaa-1802.08b1Organizational.3-08.b",
    - "hipaa-1804.08b2Organizational.12-08.b",
    - "hipaa-1805.08b2Organizational.3-08.b",
    - "hipaa-1806.08b2Organizational.4-08.b",
    - "hipaa-1807.08b2Organizational.56-08.b",
    - "hipaa-1808.08b2Organizational.7-08.b",
    - "hipaa-1810.08b3Organizational.2-08.b",
    - "hipaa-1811.08b3Organizational.3-08.b",
    - "hipaa-1813.08b3Organizational.56-08.b",
    - "hipaa-18146.08b3Organizational.8-08.b",
    - "hipaa-1844.08b1Organizational.6-08.b",
    - "hipaa-1845.08b1Organizational.7-08.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e603da3a-8af7-4f8a-94cb-1bcc0e0333d2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-11190.01t1Organizational.3-01.t",
    - "hipaa-1908.06.c1Organizational.4-06.c",
    - "hipaa-19141.06c1Organizational.7-06.c",
    - "hipaa-19142.06c1Organizational.8-06.c",
    - "hipaa-19144.06c2Organizational.1-06.c",
    - "hipaa-19145.06c2Organizational.2-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "azureMonitorShouldCollectActivityLogsFromAllRegions",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1120.09ab3System.9-09.ab",
    - "hipaa-1214.09ab2System.3456-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "identityDesignateMoreThanOneOwnerMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-11208.01q1Organizational.8-01.q",
    - "hipaa-1145.01c2System.1-01.c",
    - "hipaa-1152.01c3System.2-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - membersToExclude: {1 item
      - value: "[parameters('membersToExclude')]"
      }
    },
  - groupNames: [2 items
    - "hipaa-11210.01q2Organizational.10-01.q",
    - "hipaa-1125.01q2System.1-01.q"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "TheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - membersToInclude: {1 item
      - value: "[parameters('membersToInclude')]"
      }
    },
  - groupNames: [2 items
    - "hipaa-11211.01q2Organizational.11-01.q",
    - "hipaa-1127.01q2System.3-01.q"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2d2ca910-7957-23ee-2945-33f401606efc",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1122.01q1System.1-01.q",
    - "hipaa-1424.05j2Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "db8b35d6-8adb-3f51-44ff-c648ab5b1530",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1122.01q1System.1-01.q",
    - "hipaa-1424.05j2Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a8df9c78-4044-98be-2c05-31a315ac8957",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1122.01q1System.1-01.q",
    - "hipaa-1424.05j2Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainOnlyTheSpecifiedMembers",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - members: {1 item
      - value: "[parameters('members')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1123.01q1System.2-01.q"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ed87d27a-9abf-7c71-714c-61d881889da4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1145.01c2System.1-01.c",
    - "hipaa-1151.01c3System.1-01.c",
    - "hipaa-1152.01c3System.2-01.c",
    - "hipaa-1214.09ab2System.3456-09.ab",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e714b481-8fac-64a2-14a9-6f079b2501a4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [9 items
    - "hipaa-1129.01v1System.12-01.v",
    - "hipaa-1145.01c2System.1-01.c",
    - "hipaa-1151.01c3System.1-01.c",
    - "hipaa-1152.01c3System.2-01.c",
    - "hipaa-1214.09ab2System.3456-09.ab",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "92a7591f-73b3-1173-a09c-a08882d84c70",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1133.01v2System.4-01.v"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "22c16ae4-19d0-29cb-422f-cb44061180ee",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1136.02i2Organizational.1-02.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "restrictAccessToManagementPortsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('restrictAccessToManagementPortsMonitoringEffect')]"
      }
    },
  - groupNames: [3 items
    - "hipaa-1143.01c1System.123-01.c",
    - "hipaa-1150.01c2System.10-01.c",
    - "hipaa-1193.01l2Organizational.13-01.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "68d2e478-3b19-23eb-1357-31b296547457",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-1146.01c2System.23-01.c",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "identityRemoveExternalAccountWithOwnerPermissionsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1146.01c2System.23-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1147.01c2System.456-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaseline_SecurityOptionsAccounts",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - AccountsGuestAccountStatus: {1 item
      - value: "[parameters('DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1148.01c2System.78-01.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "useRbacRulesMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1148.01c2System.78-01.c",
    - "hipaa-1230.09c2Organizational.1-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "kubernetesServiceRbacEnabledMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('kubernetesServiceRbacEnabledMonitoringEffect')]"
      }
    },
  - groupNames: [3 items
    - "hipaa-1149.01c2System.9-01.c",
    - "hipaa-1153.01c3System.35-01.c",
    - "hipaa-1229.09c1Organizational.1-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8eea8c14-4d93-63a3-0c82-000343ee5204",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-1151.01c3System.1-01.c",
    - "hipaa-1152.01c3System.2-01.c",
    - "hipaa-1214.09ab2System.3456-09.ab",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1276.09c2Organizational.2-09.c",
    - "hipaa-1451.05iCSPOrganizational.2-05.i"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f96d2186-79df-262d-3f76-f371e3b71798",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1168.01e2System.2-01.e",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1276.09c2Organizational.2-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7805a343-275c-41be-9d62-7215b96212d8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1168.01e2System.2-01.e",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1276.09c2Organizational.2-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "08ad71d0-52be-6503-4908-e015460a16ae",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1178.01j2Organizational.7-01.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "06f84330-4c27-21f7-72cd-7488afd50244",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1902.06d1Organizational.2-06.d",
    - "hipaa-19243.06d1Organizational.15-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "069101ac-4578-31da-0cd4-ff083edd3eb4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1713.03c1Organizational.3-03.c",
    - "hipaa-1902.06d1Organizational.2-06.d",
    - "hipaa-1911.06d1Organizational.13-06.d",
    - "hipaa-19242.06d1Organizational.14-06.d",
    - "hipaa-19243.06d1Organizational.15-06.d",
    - "hipaa-19245.06d2Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "098a7b84-1031-66d8-4e78-bd15b5fd2efb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1201.06e1Organizational.2-06.e",
    - "hipaa-1902.06d1Organizational.2-06.d",
    - "hipaa-19243.06d1Organizational.15-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a930f477-9dcb-2113-8aa7-45bb6fc90861",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1202.09aa1System.1-09.aa",
    - "hipaa-1210.09aa3System.3-09.aa",
    - "hipaa-1216.09ab3System.12-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a3e98638-51d4-4e28-910a-60e98c1a756f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-1202.09aa1System.1-09.aa",
    - "hipaa-1203.09aa1System.2-09.aa",
    - "hipaa-1204.09aa1System.3-09.aa",
    - "hipaa-1205.09aa2System.1-09.aa",
    - "hipaa-1206.09aa2System.23-09.aa",
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1208.09aa3System.1-09.aa",
    - "hipaa-1209.09aa3System.2-09.aa",
    - "hipaa-1214.09ab2System.3456-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1230.09c2Organizational.1-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInDataLakeStoreMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {1 item
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1202.09aa1System.1-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInLogicAppsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled ,
  - definitionVersion: 5.*.*5.1.0,
  - parameters: {1 item
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1203.09aa1System.2-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticLogsInIoTHubShouldBeEnabled",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled ,
  - definitionVersion: 3.*.*3.1.0,
  - parameters: {1 item
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1204.09aa1System.3-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "44f8a42d-739f-8030-89a8-4c2d5b3f6af3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1205.09aa2System.1-09.aa",
    - "hipaa-1215.09ab2System.7-09.ab",
    - "hipaa-1219.09ab3System.10-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "27ce30dd-3d56-8b54-6144-e26d9a37a541",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1205.09aa2System.1-09.aa",
    - "hipaa-1215.09ab2System.7-09.ab",
    - "hipaa-1219.09ab3System.10-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "21633c09-804e-7fcd-78e3-635c6bfe2be7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1205.09aa2System.1-09.aa",
    - "hipaa-1215.09ab2System.7-09.ab",
    - "hipaa-1219.09ab3System.10-09.ab",
    - "hipaa-1222.09ab3System.8-09.ab",
    - "hipaa-1519.11c2Organizational.2-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInBatchAccountMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('diagnosticsLogsInBatchAccountRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1205.09aa2System.1-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2c843d78-8f64-92b5-6a9b-e8186c0e7eb6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1232.09c3Organizational.12-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0e696f5a-451f-5c15-5532-044136538491",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0e696f5a-451f-5c15-5532-044136538491 Protect audit information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1232.09c3Organizational.12-09.c",
    - "hipaa-1271.09ad1System.1-09.ad",
    - "hipaa-1271.09ad2System.1",
    - "hipaa-1276.09c2Organizational.2-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "efef28d0-3226-966a-a1e8-70e89c1b30bc",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-1207.09aa2System.4-09.aa",
    - "hipaa-1210.09aa3System.3-09.aa",
    - "hipaa-1908.06.c1Organizational.4-06.c",
    - "hipaa-19142.06c1Organizational.8-06.c",
    - "hipaa-19144.06c2Organizational.1-06.c",
    - "hipaa-19145.06c2Organizational.2-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInEventHubMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('diagnosticsLogsInEventHubMonitoringEffect')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('diagnosticsLogsInEventHubRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1207.09aa2System.4-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInStreamAnalyticsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {1 item
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1207.09aa2System.4-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInSearchServiceMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('diagnosticsLogsInSearchServiceRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1208.09aa3System.1-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInServiceBusMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {1 item
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1208.09aa3System.1-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticLogsInAppServicesShouldBeEnabledMonitoringEffect",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1209.09aa3System.2-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1ee4c7eb-480a-0007-77ff-4ba370776266",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1210.09aa3System.3-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "auditDiagnosticSetting",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {3 items
    - listOfResourceTypes: {1 item
      - value: "[parameters('listOfResourceTypes')]"
      },
    - logsEnabled: {1 item
      - value: "[parameters('logsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9')]"
      },
    - metricsEnabled: {1 item
      - value: "[parameters('metricsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1210.09aa3System.3-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInDataLakeAnalyticsMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {1 item
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1210.09aa3System.3-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "07b42fb5-027e-5a3c-4915-9d9ef3020ec7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-12100.09ab2System.15-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSets",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-12101.09ab1Organizational.3-09.ab",
    - "hipaa-1216.09ab3System.12-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3545c827-26ee-282d-4629-23952a12008b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-12102.09ab1Organizational.4-09.ab",
    - "hipaa-1331.02e3Organizational.4-02.e",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1520.11c2Organizational.4-11.c",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1560.11d1Organizational.1-11.d",
    - "hipaa-1562.11d2Organizational.2-11.d",
    - "hipaa-1563.11d2Organizational.3-11.d",
    - "hipaa-1589.11c1Organizational.5-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a8f9c283-9a66-3eb3-9e10-bdba95b85884",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-12102.09ab1Organizational.4-09.ab",
    - "hipaa-1331.02e3Organizational.4-02.e",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1520.11c2Organizational.4-11.c",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1560.11d1Organizational.1-11.d",
    - "hipaa-1562.11d2Organizational.2-11.d",
    - "hipaa-1563.11d2Organizational.3-11.d",
    - "hipaa-1589.11c1Organizational.5-11.c",
    - "hipaa-1814.08d1Organizational.12-08.d",
    - "hipaa-1815.08d2Organizational.123-08.d",
    - "hipaa-1818.08d3Organizational.3-08.d",
    - "hipaa-1862.08d1Organizational.3-08.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "auditWindowsLogAnalyticsAgentConnection",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - workspaceId: {1 item
      - value: "[parameters('workspaceId')]"
      }
    },
  - groupNames: [2 items
    - "hipaa-12102.09ab1Organizational.4-09.ab",
    - "hipaa-1217.09ab3System.3-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AuditSqlServerLevelAuditingSettings",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1211.09aa3System.4-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInKeyVaultMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {1 item
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1211.09aa3System.4-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "diagnosticsLogsInManagedHsmMonitoring",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1211.09aa3System.4-09.aa"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "azureMonitorLogProfileShouldCollectLogsForCategoriesWrite,Delete,AndAction",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1212.09ab1System.1-09.ab",
    - "hipaa-1219.09ab3System.10-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2c6bee3a-2180-2430-440d-db3c7a849870",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-1216.09ab3System.12-09.ab",
    - "hipaa-1218.09ab3System.47-09.ab",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1506.11a1Organizational.2-11.a",
    - "hipaa-1508.11a2Organizational.1-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1512.11a2Organizational.8-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1517.11c1Organizational.3-11.c",
    - "hipaa-1519.11c2Organizational.2-11.c",
    - "hipaa-1522.11c3Organizational.13-11.c",
    - "hipaa-1523.11c3Organizational.24-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b0e3035d-6366-2e37-796e-8bcab9c649e6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1222.09ab3System.8-09.ab",
    - "hipaa-1411.09f1System.1-09.f"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "171e377b-5224-4a97-1eaa-62a3b5231dac",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1222.09ab3System.8-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9c93ef57-7000-63fb-9b74-88f2e17ca5d2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1222.09ab3System.8-09.ab",
    - "hipaa-1411.09f1System.1-09.f"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "26d178a4-9261-6f04-a100-47ed85314c6e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1222.09ab3System.8-09.ab"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaselineUserRightsAssignment",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {18 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - usersOrGroupsThatMayAccessThisComputerFromTheNetwork: {1 item
      - value: "[parameters('usersOrGroupsThatMayAccessThisComputerFromTheNetwork')]"
      },
    - usersOrGroupsThatMayLogOnLocally: {1 item
      - value: "[parameters('usersOrGroupsThatMayLogOnLocally')]"
      },
    - usersOrGroupsThatMayLogOnThroughRemoteDesktopServices: {1 item
      - value: "[parameters('usersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]"
      },
    - usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork: {1 item
      - value: "[parameters('usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]"
      },
    - usersOrGroupsThatMayManageAuditingAndSecurityLog: {1 item
      - value: "[parameters('usersOrGroupsThatMayManageAuditingAndSecurityLog')]"
      },
    - usersOrGroupsThatMayBackUpFilesAndDirectories: {1 item
      - value: "[parameters('usersOrGroupsThatMayBackUpFilesAndDirectories')]"
      },
    - usersOrGroupsThatMayChangeTheSystemTime: {1 item
      - value: "[parameters('usersOrGroupsThatMayChangeTheSystemTime')]"
      },
    - usersOrGroupsThatMayChangeTheTimeZone: {1 item
      - value: "[parameters('usersOrGroupsThatMayChangeTheTimeZone')]"
      },
    - usersOrGroupsThatMayCreateATokenObject: {1 item
      - value: "[parameters('usersOrGroupsThatMayCreateATokenObject')]"
      },
    - usersAndGroupsThatAreDeniedLoggingOnAsABatchJob: {1 item
      - value: "[parameters('usersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]"
      },
    - usersAndGroupsThatAreDeniedLoggingOnAsAService: {1 item
      - value: "[parameters('usersAndGroupsThatAreDeniedLoggingOnAsAService')]"
      },
    - usersAndGroupsThatAreDeniedLocalLogon: {1 item
      - value: "[parameters('usersAndGroupsThatAreDeniedLocalLogon')]"
      },
    - usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices: {1 item
      - value: "[parameters('usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]"
      },
    - userAndGroupsThatMayForceShutdownFromARemoteSystem: {1 item
      - value: "[parameters('userAndGroupsThatMayForceShutdownFromARemoteSystem')]"
      },
    - usersAndGroupsThatMayRestoreFilesAndDirectories: {1 item
      - value: "[parameters('usersAndGroupsThatMayRestoreFilesAndDirectories')]"
      },
    - usersAndGroupsThatMayShutDownTheSystem: {1 item
      - value: "[parameters('usersAndGroupsThatMayShutDownTheSystem')]"
      },
    - usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects: {1 item
      - value: "[parameters('usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1232.09c3Organizational.12-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "auditSpecificAdministrativeOperationsWithoutActivityLogAlerts",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - operationName: {1 item
      - value: "[parameters('operationName')]"
      }
    },
  - groupNames: [2 items
    - "hipaa-1270.09ad1System.12-09.ad",
    - "hipaa-1271.09ad1System.1-09.ad"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaselineSecurityOptionsUserAccountControl",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {5 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - uacAdminApprovalModeForTheBuiltinAdministratorAccount: {1 item
      - value: "[parameters('uacAdminApprovalModeForTheBuiltinAdministratorAccount')]"
      },
    - uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode: {1 item
      - value: "[parameters('uacBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode')]"
      },
    - uacDetectApplicationInstallationsAndPromptForElevation: {1 item
      - value: "[parameters('uacDetectApplicationInstallationsAndPromptForElevation')]"
      },
    - uacRunAllAdministratorsInAdminApprovalMode: {1 item
      - value: "[parameters('uacRunAllAdministratorsInAdminApprovalMode')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1277.09c2Organizational.4-09.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "35de8462-03ff-45b3-5746-9d4603c74c56",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1302.02e2Organizational.134-02.e",
    - "hipaa-1507.11a1Organizational.4-11.a",
    - "hipaa-1525.11a1Organizational.6-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "015b4935-448a-8684-27c0-d13086356c33",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/015b4935-448a-8684-27c0-d13086356c33 Implement a threat awareness program ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1302.02e2Organizational.134-02.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "97f0d974-1486-01e2-2088-b888f46c0589",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1304.02e3Organizational.1-02.e",
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "de936662-13dc-204c-75ec-1af80f994088",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/de936662-13dc-204c-75ec-1af80f994088 Provide contingency training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-1304.02e3Organizational.1-02.e",
    - "hipaa-1311.12c2Organizational.3-12.c",
    - "hipaa-1313.02e1Organizational.3-02.e",
    - "hipaa-1669.12d1Organizational.8-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2d4d0e90-32d9-4deb-2166-a00d51ed57c0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-1304.02e3Organizational.1-02.e",
    - "hipaa-1311.12c2Organizational.3-12.c",
    - "hipaa-1313.02e1Organizational.3-02.e",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1508.11a2Organizational.1-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1589.11c1Organizational.5-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9c954fcf-6dd8-81f1-41b5-832ae5c62caf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1311.12c2Organizational.3-12.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1fdeb7c4-4c93-8271-a135-17ebe85f1cc7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-1331.02e3Organizational.4-02.e",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1589.11c1Organizational.5-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "92b94485-1c49-3350-9ada-dffe94f08e87",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1422.05j2Organizational.3-05.j",
    - "hipaa-17120.10a3Organizational.5-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "dc7ec756-221c-33c8-0afe-c48e10e42321",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1423.05j2Organizational.4-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "55be3260-a7a2-3c06-7fe6-072d07525ab7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1424.05j2Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f8d141b7-4e21-62a6-6608-c79336e36bc9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1432.05k1Organizational.89-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "037c0089-6606-2dab-49ad-437005b5035f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-1450.05i2Organizational.2-05.i",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1523.11c3Organizational.24-11.c",
    - "hipaa-1577.11aCSPOrganizational.1-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1450.05i2Organizational.2-05.i",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1453.05kCSPOrganizational.2-05.k",
    - "hipaa-1454.05kCSPOrganizational.3-05.k",
    - "hipaa-17120.10a3Organizational.5-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2b2f3a72-9e68-3993-2b69-13dcdecf8958",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-1450.05i2Organizational.2-05.i",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1453.05kCSPOrganizational.2-05.k",
    - "hipaa-1454.05kCSPOrganizational.3-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9150259b-617b-596d-3bf5-5ca3fce20335",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-1450.05i2Organizational.2-05.i",
    - "hipaa-1451.05iCSPOrganizational.2-05.i",
    - "hipaa-1453.05kCSPOrganizational.2-05.k",
    - "hipaa-1454.05kCSPOrganizational.3-05.k"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "13939f8c-4cd5-a6db-9af4-9dfec35e3722",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1464.09e2Organizational.5-09.e",
    - "hipaa-1622.09l2Organizational.23-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f33c3238-11d2-508c-877c-4262ec1132e1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1464.09e2Organizational.5-09.e"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "423f6d9c-0c73-9cc6-64f4-b52242490368",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [10 items
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1561.11d2Organizational.14-11.d",
    - "hipaa-1562.11d2Organizational.2-11.d",
    - "hipaa-1587.11c2Organizational.10-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8c255136-994b-9616-79f5-ae87810e0dcf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [14 items
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1506.11a1Organizational.2-11.a",
    - "hipaa-1508.11a2Organizational.1-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1522.11c3Organizational.13-11.c",
    - "hipaa-1561.11d2Organizational.14-11.d",
    - "hipaa-1562.11d2Organizational.2-11.d",
    - "hipaa-1587.11c2Organizational.10-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "54a9c072-4a93-2a03-6a43-a060d30383d7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1506.11a1Organizational.2-11.a",
    - "hipaa-1508.11a2Organizational.1-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1522.11c3Organizational.13-11.c",
    - "hipaa-1561.11d2Organizational.14-11.d",
    - "hipaa-1562.11d2Organizational.2-11.d",
    - "hipaa-1587.11c2Organizational.10-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ba78efc6-795c-64f4-7a02-91effbd34af9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1506.11a1Organizational.2-11.a",
    - "hipaa-1508.11a2Organizational.1-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1522.11c3Organizational.13-11.c",
    - "hipaa-1561.11d2Organizational.14-11.d",
    - "hipaa-1562.11d2Organizational.2-11.d",
    - "hipaa-1587.11c2Organizational.10-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "433de59e-7a53-a766-02c2-f80f8421469a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [16 items
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1506.11a1Organizational.2-11.a",
    - "hipaa-1508.11a2Organizational.1-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1517.11c1Organizational.3-11.c",
    - "hipaa-1520.11c2Organizational.4-11.c",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1522.11c3Organizational.13-11.c",
    - "hipaa-1560.11d1Organizational.1-11.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "98145a9b-428a-7e81-9d14-ebb154a24f93",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1506.11a1Organizational.2-11.a",
    - "hipaa-1508.11a2Organizational.1-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1522.11c3Organizational.13-11.c",
    - "hipaa-1561.11d2Organizational.14-11.d",
    - "hipaa-1562.11d2Organizational.2-11.d",
    - "hipaa-1587.11c2Organizational.10-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "37b0045b-3887-367b-8b4d-b9a6fa911bb9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1517.11c1Organizational.3-11.c",
    - "hipaa-1520.11c2Organizational.4-11.c",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1560.11d1Organizational.1-11.d",
    - "hipaa-1563.11d2Organizational.3-11.d",
    - "hipaa-1587.11c2Organizational.10-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "37546841-8ea1-5be0-214d-8ac599588332",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [13 items
    - "hipaa-1501.02f1Organizational.123-02.f",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1517.11c1Organizational.3-11.c",
    - "hipaa-1520.11c2Organizational.4-11.c",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1560.11d1Organizational.1-11.d",
    - "hipaa-1563.11d2Organizational.3-11.d",
    - "hipaa-1587.11c2Organizational.10-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "98e33927-8d7f-6d5f-44f5-2469b40b7215",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-1503.02f2Organizational.12-02.f",
    - "hipaa-1507.11a1Organizational.4-11.a",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1525.11a1Organizational.6-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b470a37a-7a47-3792-34dd-7a793140702e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1504.06e1Organizational.34-06.e",
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1523.11c3Organizational.24-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "23d1a569-2d1e-7f43-9e22-1f94115b7dd5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1562.11d2Organizational.2-11.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0fd1ca29-677b-2f12-1879-639716459160",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1517.11c1Organizational.3-11.c",
    - "hipaa-1520.11c2Organizational.4-11.c",
    - "hipaa-1560.11d1Organizational.1-11.d",
    - "hipaa-1587.11c2Organizational.10-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2401b496-7f23-79b2-9f80-89bb5abf3d4a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [8 items
    - "hipaa-1505.11a1Organizational.13-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1510.11a2Organizational.47-11.a",
    - "hipaa-1516.11c1Organizational.12-11.c",
    - "hipaa-1517.11c1Organizational.3-11.c",
    - "hipaa-1520.11c2Organizational.4-11.c",
    - "hipaa-1560.11d1Organizational.1-11.d",
    - "hipaa-1587.11c2Organizational.10-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c5784049-959f-6067-420c-f4cefae93076",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [12 items
    - "hipaa-1506.11a1Organizational.2-11.a",
    - "hipaa-1509.11a2Organizational.236-11.a",
    - "hipaa-1511.11a2Organizational.5-11.a",
    - "hipaa-1515.11a3Organizational.3-11.a",
    - "hipaa-1521.11c2Organizational.56-11.c",
    - "hipaa-1562.11d2Organizational.2-11.d",
    - "hipaa-1603.12c1Organizational.9-12.c",
    - "hipaa-1634.12b1Organizational.1-12.b",
    - "hipaa-1636.12b2Organizational.1-12.b",
    - "hipaa-1666.12d1Organizational.1235-12.d",
    - "hipaa-1667.12d1Organizational.4-12.d",
    - "hipaa-1672.12d2Organizational.3-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b8689b2e-4308-a58b-a0b4-6f3343a000df",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1523.11c3Organizational.24-11.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d4e6a629-28eb-79a9-000b-88030e4823ca",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1524.11a1Organizational.5-11.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "aa305b4d-8c84-1754-0c74-dec004e66be0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [15 items
    - "hipaa-1562.11d2Organizational.2-11.d",
    - "hipaa-1601.12c1Organizational.1238-12.c",
    - "hipaa-1602.12c1Organizational.4567-12.c",
    - "hipaa-1607.12c2Organizational.4-12.c",
    - "hipaa-1617.09l1Organizational.23-09.l",
    - "hipaa-1634.12b1Organizational.1-12.b",
    - "hipaa-1635.12b1Organizational.2-12.b",
    - "hipaa-1636.12b2Organizational.1-12.b",
    - "hipaa-1637.12b2Organizational.2-12.b",
    - "hipaa-1638.12b2Organizational.345-12.b",
    - "hipaa-1666.12d1Organizational.1235-12.d",
    - "hipaa-1668.12d1Organizational.67-12.d",
    - "hipaa-1669.12d1Organizational.8-12.d",
    - "hipaa-1670.12d2Organizational.1-12.d",
    - "hipaa-1672.12d2Organizational.3-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "56fb5173-3865-5a5d-5fad-ae33e53e1577",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/56fb5173-3865-5a5d-5fad-ae33e53e1577 Address information security issues ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1562.11d2Organizational.2-11.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "14a4fd0a-9100-1e12-1362-792014a28155",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [6 items
    - "hipaa-1601.12c1Organizational.1238-12.c",
    - "hipaa-1637.12b2Organizational.2-12.b",
    - "hipaa-1667.12d1Organizational.4-12.d",
    - "hipaa-1669.12d1Organizational.8-12.d",
    - "hipaa-1671.12d2Organizational.2-12.d",
    - "hipaa-1672.12d2Organizational.3-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "58a51cde-008b-1a5d-61b5-d95849770677",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1601.12c1Organizational.1238-12.c",
    - "hipaa-1669.12d1Organizational.8-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bd6cbcba-4a2d-507c-53e3-296b5c238a8e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1602.12c1Organizational.4567-12.c",
    - "hipaa-1667.12d1Organizational.4-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "33602e78-35e3-4f06-17fb-13dd887448e4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1602.12c1Organizational.4567-12.c",
    - "hipaa-1638.12b2Organizational.345-12.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "75b42dcf-7840-1271-260b-852273d7906e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1603.12c1Organizational.9-12.c",
    - "hipaa-1634.12b1Organizational.1-12.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "eff6e4a5-3efe-94dd-2ed1-25d56a019a82",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1603.12c1Organizational.9-12.c",
    - "hipaa-1634.12b1Organizational.1-12.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a1334a65-2622-28ee-5067-9d7f5b915cc5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1603.12c1Organizational.9-12.c",
    - "hipaa-1666.12d1Organizational.1235-12.d",
    - "hipaa-1667.12d1Organizational.4-12.d",
    - "hipaa-1671.12d2Organizational.2-12.d",
    - "hipaa-1672.12d2Organizational.3-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "245fe58b-96f8-9f1e-48c5-7f49903f66fd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1604.12c2Organizational.16789-12.c",
    - "hipaa-1618.09l1Organizational.45-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5f2e834d-7e40-a4d5-a216-e49b16955ccf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1604.12c2Organizational.16789-12.c",
    - "hipaa-1609.12c3Organizational.12-12.c",
    - "hipaa-1619.09l1Organizational.7-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b269a749-705e-8bff-055a-147744675cdf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [11 items
    - "hipaa-1608.12c2Organizational.5-12.c",
    - "hipaa-1616.09l1Organizational.16-09.l",
    - "hipaa-1617.09l1Organizational.23-09.l",
    - "hipaa-1620.09l1Organizational.8-09.l",
    - "hipaa-1623.09l2Organizational.4-09.l",
    - "hipaa-1624.09l3Organizational.12-09.l",
    - "hipaa-1625.09l3Organizational.34-09.l",
    - "hipaa-1626.09l3Organizational.5-09.l",
    - "hipaa-1908.06.c1Organizational.4-06.c",
    - "hipaa-19141.06c1Organizational.7-06.c",
    - "hipaa-19145.06c2Organizational.2-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "longtermGeoRedundantBackupEnabledAzureSQLDatabases",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1616.09l1Organizational.16-09.l",
    - "hipaa-1621.09l2Organizational.1-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1617.09l1Organizational.23-09.l",
    - "hipaa-1622.09l2Organizational.23-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4f23967c-a74b-9a09-9dc2-f566f61a87b9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [7 items
    - "hipaa-1618.09l1Organizational.45-09.l",
    - "hipaa-1620.09l1Organizational.8-09.l",
    - "hipaa-1622.09l2Organizational.23-09.l",
    - "hipaa-1623.09l2Organizational.4-09.l",
    - "hipaa-1624.09l3Organizational.12-09.l",
    - "hipaa-1908.06.c1Organizational.4-06.c",
    - "hipaa-19141.06c1Organizational.7-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1618.09l1Organizational.45-09.l",
    - "hipaa-1623.09l2Organizational.4-09.l",
    - "hipaa-1626.09l3Organizational.5-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1619.09l1Organizational.7-09.l",
    - "hipaa-1624.09l3Organizational.12-09.l",
    - "hipaa-1627.09l3Organizational.6-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "azureBackupShouldBeEnabledForVirtualMachines",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1620.09l1Organizational.8-09.l",
    - "hipaa-1625.09l3Organizational.34-09.l",
    - "hipaa-1699.09l1Organizational.10-09.l"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AuditVirtualMachinesWithoutDisasterRecoveryConfigured",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1634.12b1Organizational.1-12.b",
    - "hipaa-1638.12b2Organizational.345-12.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cb8841d4-9d13-7292-1d06-ba4d68384681",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1635.12b1Organizational.2-12.b",
    - "hipaa-1636.12b2Organizational.1-12.b",
    - "hipaa-1669.12d1Organizational.8-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "keyVaultObjectsShouldBeRecoverable",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1635.12b1Organizational.2-12.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "managedHsmObjectsShouldBeRecoverable",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1635.12b1Organizational.2-12.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaseline_SecurityOptionsRecoveryconsole",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders: {1 item
      - value: "[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]"
      }
    },
  - groupNames: [1 item
    - "hipaa-1637.12b2Organizational.2-12.b"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "53fc1282-0ee3-2764-1319-e20143bb0ea5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1671.12d2Organizational.2-12.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "44b71aa8-099d-8b97-1557-0e853ec38e0d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-17101.10a3Organizational.6-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "22a02c9a-49e4-5dc9-0d14-eb35ad717154",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-17101.10a3Organizational.6-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0a24f5dc-8c40-94a7-7aee-bb7cd4781d37",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Issue guidelines for ensuring data quality and integrity ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1713.03c1Organizational.3-03.c",
    - "hipaa-19245.06d2Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "79c75b38-334b-1a69-65e0-a9d929a42f75",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1713.03c1Organizational.3-03.c",
    - "hipaa-1911.06d1Organizational.13-06.d",
    - "hipaa-19242.06d1Organizational.14-06.d",
    - "hipaa-19243.06d1Organizational.15-06.d",
    - "hipaa-19245.06d2Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b6b32f80-a133-7600-301e-398d688e7e0c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1713.03c1Organizational.3-03.c",
    - "hipaa-1911.06d1Organizational.13-06.d",
    - "hipaa-19242.06d1Organizational.14-06.d",
    - "hipaa-19243.06d1Organizational.15-06.d",
    - "hipaa-19245.06d2Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "52375c01-4d4c-7acc-3aa4-5b3d53a047ec",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1713.03c1Organizational.3-03.c",
    - "hipaa-1902.06d1Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "59f7feff-02aa-6539-2cf7-bea75b762140",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1780.10a1Organizational.1-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8b333332-6efd-7c0d-5a9f-d1eb95105214",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1784.10a1Organizational.7-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3e37c891-840c-3eb4-78d2-e2e0bb5063e0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1785.10a1Organizational.8-10.a",
    - "hipaa-1797.10a3Organizational.1-10.a",
    - "hipaa-1799.10a3Organizational.34-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "34738025-5925-51f9-1081-f2d0060133ed",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1787.10a2Organizational.1-10.a",
    - "hipaa-19134.05j1Organizational.5-05.j",
    - "hipaa-19243.06d1Organizational.15-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b9d45adb-471b-56a5-64d2-5b241f126174",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b9d45adb-471b-56a5-64d2-5b241f126174 Automate privacy controls ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1787.10a2Organizational.1-10.a",
    - "hipaa-19243.06d1Organizational.15-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f131c8c5-a54a-4888-1efc-158928924bc1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1797.10a3Organizational.1-10.a",
    - "hipaa-1798.10a3Organizational.2-10.a",
    - "hipaa-1799.10a3Organizational.34-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7a114735-a420-057d-a651-9a73cd0416ef",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1797.10a3Organizational.1-10.a",
    - "hipaa-1799.10a3Organizational.34-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "57adc919-9dca-817c-8197-64d812070316",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1797.10a3Organizational.1-10.a",
    - "hipaa-1798.10a3Organizational.2-10.a",
    - "hipaa-1799.10a3Organizational.34-10.a"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b8587fce-138f-86e8-33a3-c60768bf1da6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-1803.08b1Organizational.5-08.b",
    - "hipaa-1819.08j1Organizational.23-08.j",
    - "hipaa-1821.08j2Organizational.3-08.j",
    - "hipaa-1822.08j2Organizational.2-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "74041cfe-3f87-1d17-79ec-34ca5f895542",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [4 items
    - "hipaa-1803.08b1Organizational.5-08.b",
    - "hipaa-1819.08j1Organizational.23-08.j",
    - "hipaa-1821.08j2Organizational.3-08.j",
    - "hipaa-1822.08j2Organizational.2-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4ce91e4e-6dab-3c46-011a-aa14ae1561bf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-18109.08j1Organizational.4-08.j",
    - "hipaa-1819.08j1Organizational.23-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-18109.08j1Organizational.4-08.j",
    - "hipaa-1819.08j1Organizational.23-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7a489c62-242c-5db9-74df-c073056d6fa3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-18109.08j1Organizational.4-08.j",
    - "hipaa-1819.08j1Organizational.23-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5bac5fb7-7735-357b-767d-02264bfe5c3b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-18110.08j1Organizational.5-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "10c3a1b1-29b0-a2d5-8f4c-a284b0f07830",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-18110.08j1Organizational.5-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "eb598832-4bcc-658d-4381-3ecbe17b9866",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-18111.08j1Organizational.6-08.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c2eabc28-1e5c-78a2-a712-7cc176c44c07",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [5 items
    - "hipaa-1814.08d1Organizational.12-08.d",
    - "hipaa-1815.08d2Organizational.123-08.d",
    - "hipaa-1818.08d3Organizational.3-08.d",
    - "hipaa-1862.08d1Organizational.3-08.d",
    - "hipaa-1862.08d3Organizational.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4e400494-53a5-5147-6f4d-718b539c7394",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1901.06d1Organizational.1-06.d",
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0bbfd658-93ab-6f5e-1e19-3c1c1da62d01",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1902.06d1Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "75b9db50-7906-2351-98ae-0458218609e5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/75b9db50-7906-2351-98ae-0458218609e5 Retain accounting of disclosures of information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1902.06d1Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d4f70530-19a2-2a85-6e0c-0c3c465e3325",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d4f70530-19a2-2a85-6e0c-0c3c465e3325 Make accounting of disclosures available upon request ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1902.06d1Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5020f3f4-a579-2f28-72a8-283c5a0b15f9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1902.06d1Organizational.2-06.d",
    - "hipaa-19243.06d1Organizational.15-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ee67c031-57fc-53d0-0cca-96c4c04345e8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1902.06d1Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5023a9e7-8e64-2db6-31dc-7bce27f796af",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5023a9e7-8e64-2db6-31dc-7bce27f796af Provide privacy notice to the public and to individuals ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-1906.06.c1Organizational.2-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "898a5781-2254-5a37-34c7-d78ea7c20d55",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/898a5781-2254-5a37-34c7-d78ea7c20d55 Publish SORNs for systems containing PII ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1906.06.c1Organizational.2-06.c",
    - "hipaa-1907.06.c1Organizational.3-06.c",
    - "hipaa-1908.06.c1Organizational.4-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "95eb7d09-9937-5df9-11d9-20317e3f60df",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/95eb7d09-9937-5df9-11d9-20317e3f60df Provide formal notice to individuals ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1906.06.c1Organizational.2-06.c",
    - "hipaa-1907.06.c1Organizational.3-06.c",
    - "hipaa-1908.06.c1Organizational.4-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f3c17714-8ce7-357f-4af2-a0baa63a063f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f3c17714-8ce7-357f-4af2-a0baa63a063f Make SORNs available publicly ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1906.06.c1Organizational.2-06.c",
    - "hipaa-1907.06.c1Organizational.3-06.c",
    - "hipaa-1908.06.c1Organizational.4-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3bd4e0af-7cbb-a3ec-4918-056a3c017ae2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 Keep SORNs updated ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [2 items
    - "hipaa-1907.06.c1Organizational.3-06.c",
    - "hipaa-1908.06.c1Organizational.4-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "94c842e3-8098-38f9-6d3f-8872b790527d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/94c842e3-8098-38f9-6d3f-8872b790527d Remove or redact any PII ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [3 items
    - "hipaa-1911.06d1Organizational.13-06.d",
    - "hipaa-19242.06d1Organizational.14-06.d",
    - "hipaa-19243.06d1Organizational.15-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b4512986-80f5-1656-0c58-08866bd2673a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9e3c505e-7aeb-2096-3417-b132242731fc",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b5244f81-6cab-3188-2412-179162294996",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "96333008-988d-4add-549b-92b3a8c42063",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-19134.05j1Organizational.5-05.j"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ba02d0a0-566a-25dc-73f1-101c726a19c5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-19141.06c1Organizational.7-06.c"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8bb40df9-23e4-4175-5db3-8dba86349b73",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8bb40df9-23e4-4175-5db3-8dba86349b73 Confirm quality and integrity of PII ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-19245.06d2Organizational.2-06.d"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cdcb825f-a0fb-31f9-29c1-ab566718499a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cdcb825f-a0fb-31f9-29c1-ab566718499a Publish Computer Matching Agreements on public website ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {},
  - groupNames: [1 item
    - "hipaa-19245.06d2Organizational.2-06.d"
    ]
  },
- {3 items
  - policyDefinitionReferenceId: "Prerequisite_AddSystemIdentityWhenNone",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities ,
  - definitionVersion: 4.*.*4.1.0
  },
- {3 items
  - policyDefinitionReferenceId: "Prerequisite_AddSystemIdentityWhenUser",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity ,
  - definitionVersion: 4.*.*4.1.0
  },
- {3 items
  - policyDefinitionReferenceId: "Prerequisite_DeployExtensionWindows",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs ,
  - definitionVersion: 1.*.*1.3.0
  },
- {3 items
  - policyDefinitionReferenceId: "Prerequisite_DeployExtensionLinux",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs ,
  - definitionVersion: 3.*.*3.2.0
  },
- {5 items
  - policyDefinitionReferenceId: "InstalledApp",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - installedApplication: {1 item
      - value: "[parameters('installedApplicationsOnWindowsVM')]"
      }
    },
  - groupNames: []
  },
- {5 items
  - policyDefinitionReferenceId: "AzureBaseline_AdministrativeTemplatesNetwork",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {4 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      },
    - EnableInsecureGuestLogons: {1 item
      - value: "[parameters('EnableInsecureGuestLogons')]"
      },
    - AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain: {1 item
      - value: "[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]"
      },
    - TurnOffMulticastNameResolution: {1 item
      - value: "[parameters('TurnOffMulticastNameResolution')]"
      }
    },
  - groupNames: []
  },
- {5 items
  - policyDefinitionReferenceId: "PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 ,
  - definitionVersion: 3.*.*3.1.0,
  - parameters: {1 item
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      }
    },
  - groupNames: []
  },
- {5 items
  - policyDefinitionReferenceId: "PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines')]"
      }
    },
  - groupNames: []
  }
],
policyDefinitionGroups: [577 items
- {2 items
  - name: "hipaa-0101.00a1Organizational.123-00.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0101.00a1Organizational.123-00.a"
  },
- {2 items
  - name: "hipaa-0102.00a2Organizational.123-00.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0102.00a2Organizational.123-00.a"
  },
- {2 items
  - name: "hipaa-0103.00a3Organizational.1234567-00.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0103.00a3Organizational.1234567-00.a"
  },
- {2 items
  - name: "hipaa-0104.02a1Organizational.12-02.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0104.02a1Organizational.12-02.a"
  },
- {2 items
  - name: "hipaa-0105.02a2Organizational.1-02.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0105.02a2Organizational.1-02.a"
  },
- {2 items
  - name: "hipaa-0106.02a2Organizational.23-02.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0106.02a2Organizational.23-02.a"
  },
- {2 items
  - name: "hipaa-0107.02d1Organizational.1-02.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0107.02d1Organizational.1-02.d"
  },
- {2 items
  - name: "hipaa-0108.02d1Organizational.23-02.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0108.02d1Organizational.23-02.d"
  },
- {2 items
  - name: "hipaa-0109.02d1Organizational.4-02.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0109.02d1Organizational.4-02.d"
  },
- {2 items
  - name: "hipaa-0110.02d2Organizational.1-02.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0110.02d2Organizational.1-02.d"
  },
- {2 items
  - name: "hipaa-0111.02d2Organizational.2-02.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0111.02d2Organizational.2-02.d"
  },
- {2 items
  - name: "hipaa-01110.05a1Organizational.5-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01110.05a1Organizational.5-05.a"
  },
- {2 items
  - name: "hipaa-01111.05a2Organizational.5-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-01111.05a2Organizational.5-05.a"
  },
- {2 items
  - name: "hipaa-0112.02d2Organizational.3-02.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0112.02d2Organizational.3-02.d"
  },
- {2 items
  - name: "hipaa-0113.04a1Organizational.123-04.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0113.04a1Organizational.123-04.a"
  },
- {2 items
  - name: "hipaa-0114.04b1Organizational.1-04.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0114.04b1Organizational.1-04.b"
  },
- {2 items
  - name: "hipaa-0115.04b2Organizational.123-04.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0115.04b2Organizational.123-04.b"
  },
- {2 items
  - name: "hipaa-0116.04b3Organizational.1-04.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0116.04b3Organizational.1-04.b"
  },
- {2 items
  - name: "hipaa-0117.05a1Organizational.1-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0117.05a1Organizational.1-05.a"
  },
- {2 items
  - name: "hipaa-0118.05a1Organizational.2-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0118.05a1Organizational.2-05.a"
  },
- {2 items
  - name: "hipaa-0119.05a1Organizational.3-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0119.05a1Organizational.3-05.a"
  },
- {2 items
  - name: "hipaa-0120.05a1Organizational.4-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0120.05a1Organizational.4-05.a"
  },
- {2 items
  - name: "hipaa-0121.05a2Organizational.12-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0121.05a2Organizational.12-05.a"
  },
- {2 items
  - name: "hipaa-0122.05a2Organizational.3-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0122.05a2Organizational.3-05.a"
  },
- {2 items
  - name: "hipaa-0123.05a2Organizational.4-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0123.05a2Organizational.4-05.a"
  },
- {2 items
  - name: "hipaa-0124.05a3Organizational.1-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0124.05a3Organizational.1-05.a"
  },
- {2 items
  - name: "hipaa-0125.05a3Organizational.2-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0125.05a3Organizational.2-05.a"
  },
- {2 items
  - name: "hipaa-0135.02f1Organizational.56-02.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0135.02f1Organizational.56-02.f"
  },
- {2 items
  - name: "hipaa-0137.02a1Organizational.3-02.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0137.02a1Organizational.3-02.a"
  },
- {2 items
  - name: "hipaa-0162.04b1Organizational.2-04.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0162.04b1Organizational.2-04.b"
  },
- {2 items
  - name: "hipaa-0165.05a3Organizational.3-05.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0165.05a3Organizational.3-05.a"
  },
- {2 items
  - name: "hipaa-0177.05h1Organizational.12-05.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0177.05h1Organizational.12-05.h"
  },
- {2 items
  - name: "hipaa-0178.05h1Organizational.3-05.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0178.05h1Organizational.3-05.h"
  },
- {2 items
  - name: "hipaa-0179.05h1Organizational.4-05.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0179.05h1Organizational.4-05.h"
  },
- {2 items
  - name: "hipaa-0180.05h2Organizational.1-05.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0180.05h2Organizational.1-05.h"
  },
- {2 items
  - name: "hipaa-0197.02d2Organizational.4-02.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0197.02d2Organizational.4-02.d"
  },
- {2 items
  - name: "hipaa-0201.09j1Organizational.124-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0201.09j1Organizational.124-09.j"
  },
- {2 items
  - name: "hipaa-0202.09j1Organizational.3-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0202.09j1Organizational.3-09.j"
  },
- {2 items
  - name: "hipaa-0204.09j2Organizational.1-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0204.09j2Organizational.1-09.j"
  },
- {2 items
  - name: "hipaa-0205.09j2Organizational.2-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0205.09j2Organizational.2-09.j"
  },
- {2 items
  - name: "hipaa-0206.09j2Organizational.34-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0206.09j2Organizational.34-09.j"
  },
- {2 items
  - name: "hipaa-0207.09j2Organizational.56-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0207.09j2Organizational.56-09.j"
  },
- {2 items
  - name: "hipaa-0208.09j2Organizational.7-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0208.09j2Organizational.7-09.j"
  },
- {2 items
  - name: "hipaa-0209.09m3Organizational.7-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0209.09m3Organizational.7-09.m"
  },
- {2 items
  - name: "hipaa-0214.09j1Organizational.6-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0214.09j1Organizational.6-09.j"
  },
- {2 items
  - name: "hipaa-0215.09j2Organizational.8-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0215.09j2Organizational.8-09.j"
  },
- {2 items
  - name: "hipaa-0216.09j2Organizational.9-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0216.09j2Organizational.9-09.j"
  },
- {2 items
  - name: "hipaa-0217.09j2Organizational.10-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0217.09j2Organizational.10-09.j"
  },
- {2 items
  - name: "hipaa-0219.09j2Organizational.12-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0219.09j2Organizational.12-09.j"
  },
- {2 items
  - name: "hipaa-0225.09k1Organizational.1-09.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0225.09k1Organizational.1-09.k"
  },
- {2 items
  - name: "hipaa-0226.09k1Organizational.2-09.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0226.09k1Organizational.2-09.k"
  },
- {2 items
  - name: "hipaa-0227.09k2Organizational.12-09.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0227.09k2Organizational.12-09.k"
  },
- {2 items
  - name: "hipaa-0228.09k2Organizational.3-09.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0228.09k2Organizational.3-09.k"
  },
- {2 items
  - name: "hipaa-0301.09o1Organizational.123-09.o",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0301.09o1Organizational.123-09.o"
  },
- {2 items
  - name: "hipaa-0302.09o2Organizational.1-09.o",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0302.09o2Organizational.1-09.o"
  },
- {2 items
  - name: "hipaa-0303.09o2Organizational.2-09.o",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0303.09o2Organizational.2-09.o"
  },
- {2 items
  - name: "hipaa-0304.09o3Organizational.1-09.o",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0304.09o3Organizational.1-09.o"
  },
- {2 items
  - name: "hipaa-0305.09q1Organizational.12-09.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0305.09q1Organizational.12-09.q"
  },
- {2 items
  - name: "hipaa-0306.09q1Organizational.3-09.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0306.09q1Organizational.3-09.q"
  },
- {2 items
  - name: "hipaa-0307.09q2Organizational.12-09.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0307.09q2Organizational.12-09.q"
  },
- {2 items
  - name: "hipaa-0308.09q3Organizational.1-09.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0308.09q3Organizational.1-09.q"
  },
- {2 items
  - name: "hipaa-0314.09q3Organizational.2-09.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0314.09q3Organizational.2-09.q"
  },
- {2 items
  - name: "hipaa-0401.01x1System.124579-01.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0401.01x1System.124579-01.x"
  },
- {2 items
  - name: "hipaa-0403.01x1System.8-01.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0403.01x1System.8-01.x"
  },
- {2 items
  - name: "hipaa-0404.01x1System.1011-01.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0404.01x1System.1011-01.x"
  },
- {2 items
  - name: "hipaa-0405.01y1Organizational.12345678-01.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0405.01y1Organizational.12345678-01.y"
  },
- {2 items
  - name: "hipaa-0407.01y2Organizational.1-01.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0407.01y2Organizational.1-01.y"
  },
- {2 items
  - name: "hipaa-0408.01y3Organizational.12-01.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0408.01y3Organizational.12-01.y"
  },
- {2 items
  - name: "hipaa-0409.01y3Organizational.3-01.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0409.01y3Organizational.3-01.y"
  },
- {2 items
  - name: "hipaa-0410.01x1System.12-01.xMobileComputingandCommunications",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0410.01x1System.12-01.xMobileComputingandCommunications"
  },
- {2 items
  - name: "hipaa-0415.01y1Organizational.10-01.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0415.01y1Organizational.10-01.y"
  },
- {2 items
  - name: "hipaa-0416.01y3Organizational.4-01.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0416.01y3Organizational.4-01.y"
  },
- {2 items
  - name: "hipaa-0417.01y3Organizational.5-01.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0417.01y3Organizational.5-01.y"
  },
- {2 items
  - name: "hipaa-0425.01x1System.13-01.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0425.01x1System.13-01.x"
  },
- {2 items
  - name: "hipaa-0426.01x2System.1-01.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0426.01x2System.1-01.x"
  },
- {2 items
  - name: "hipaa-0427.01x2System.2-01.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0427.01x2System.2-01.x"
  },
- {2 items
  - name: "hipaa-0428.01x2System.3-01.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0428.01x2System.3-01.x"
  },
- {2 items
  - name: "hipaa-0429.01x1System.14-01.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0429.01x1System.14-01.x"
  },
- {2 items
  - name: "hipaa-0501.09m1Organizational.1-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0501.09m1Organizational.1-09.m"
  },
- {2 items
  - name: "hipaa-0502.09m1Organizational.5-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0502.09m1Organizational.5-09.m"
  },
- {2 items
  - name: "hipaa-0503.09m1Organizational.6-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0503.09m1Organizational.6-09.m"
  },
- {2 items
  - name: "hipaa-0504.09m2Organizational.5-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0504.09m2Organizational.5-09.m"
  },
- {2 items
  - name: "hipaa-0505.09m2Organizational.3-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0505.09m2Organizational.3-09.m"
  },
- {2 items
  - name: "hipaa-0601.06g1Organizational.124-06.g",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0601.06g1Organizational.124-06.g"
  },
- {2 items
  - name: "hipaa-0602.06g1Organizational.3-06.g",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0602.06g1Organizational.3-06.g"
  },
- {2 items
  - name: "hipaa-0603.06g2Organizational.1-06.g",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0603.06g2Organizational.1-06.g"
  },
- {2 items
  - name: "hipaa-0604.06g2Organizational.2-06.g",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0604.06g2Organizational.2-06.g"
  },
- {2 items
  - name: "hipaa-0605.10h1System.12-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0605.10h1System.12-10.h"
  },
- {2 items
  - name: "hipaa-0606.10h2System.1-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0606.10h2System.1-10.h"
  },
- {2 items
  - name: "hipaa-0607.10h2System.23-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0607.10h2System.23-10.h"
  },
- {2 items
  - name: "hipaa-0613.06h1Organizational.12-06.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0613.06h1Organizational.12-06.h"
  },
- {2 items
  - name: "hipaa-0614.06h2Organizational.12-06.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0614.06h2Organizational.12-06.h"
  },
- {2 items
  - name: "hipaa-0615.06h2Organizational.3-06.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0615.06h2Organizational.3-06.h"
  },
- {2 items
  - name: "hipaa-0618.09b1System.1-09.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0618.09b1System.1-09.b"
  },
- {2 items
  - name: "hipaa-0619.09b2System.12-09.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0619.09b2System.12-09.b"
  },
- {2 items
  - name: "hipaa-0620.09b2System.3-09.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0620.09b2System.3-09.b"
  },
- {2 items
  - name: "hipaa-0626.10h1System.3-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0626.10h1System.3-10.h"
  },
- {2 items
  - name: "hipaa-0627.10h1System.45-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0627.10h1System.45-10.h"
  },
- {2 items
  - name: "hipaa-0628.10h1System.6-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0628.10h1System.6-10.h"
  },
- {2 items
  - name: "hipaa-0629.10h2System.45-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0629.10h2System.45-10.h"
  },
- {2 items
  - name: "hipaa-0630.10h2System.6-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0630.10h2System.6-10.h"
  },
- {2 items
  - name: "hipaa-0635.10k1Organizational.12-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0635.10k1Organizational.12-10.k"
  },
- {2 items
  - name: "hipaa-0636.10k2Organizational.1-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0636.10k2Organizational.1-10.k"
  },
- {2 items
  - name: "hipaa-0637.10k2Organizational.2-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0637.10k2Organizational.2-10.k"
  },
- {2 items
  - name: "hipaa-0638.10k2Organizational.34569-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0638.10k2Organizational.34569-10.k"
  },
- {2 items
  - name: "hipaa-0639.10k2Organizational.78-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0639.10k2Organizational.78-10.k"
  },
- {2 items
  - name: "hipaa-0640.10k2Organizational.1012-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0640.10k2Organizational.1012-10.k"
  },
- {2 items
  - name: "hipaa-0641.10k2Organizational.11-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0641.10k2Organizational.11-10.k"
  },
- {2 items
  - name: "hipaa-0642.10k3Organizational.12-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0642.10k3Organizational.12-10.k"
  },
- {2 items
  - name: "hipaa-0643.10k3Organizational.3-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0643.10k3Organizational.3-10.k"
  },
- {2 items
  - name: "hipaa-0644.10k3Organizational.4-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0644.10k3Organizational.4-10.k"
  },
- {2 items
  - name: "hipaa-0662.09sCSPOrganizational.2-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0662.09sCSPOrganizational.2-09.s"
  },
- {2 items
  - name: "hipaa-0663.10h1System.7-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h1System.7-10.h"
  },
- {2 items
  - name: "hipaa-0663.10h2Organizational.9-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0663.10h2Organizational.9-10.h"
  },
- {2 items
  - name: "hipaa-0664.10h2Organizational.10-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0664.10h2Organizational.10-10.h"
  },
- {2 items
  - name: "hipaa-0669.10hCSPSystem.1-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0669.10hCSPSystem.1-10.h"
  },
- {2 items
  - name: "hipaa-0670.10hCSPSystem.2-10.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0670.10hCSPSystem.2-10.h"
  },
- {2 items
  - name: "hipaa-0671.10k1System.1-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0671.10k1System.1-10.k"
  },
- {2 items
  - name: "hipaa-0672.10k3System.5-10.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0672.10k3System.5-10.k"
  },
- {2 items
  - name: "hipaa-068.06g2Organizational.34-06.g",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-068.06g2Organizational.34-06.g"
  },
- {2 items
  - name: "hipaa-069.06g2Organizational.56-06.g",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-069.06g2Organizational.56-06.g"
  },
- {2 items
  - name: "hipaa-0701.07a1Organizational.12-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0701.07a1Organizational.12-07.a"
  },
- {2 items
  - name: "hipaa-0702.07a1Organizational.3-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0702.07a1Organizational.3-07.a"
  },
- {2 items
  - name: "hipaa-0703.07a2Organizational.1-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0703.07a2Organizational.1-07.a"
  },
- {2 items
  - name: "hipaa-0704.07a3Organizational.12-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0704.07a3Organizational.12-07.a"
  },
- {2 items
  - name: "hipaa-0705.07a3Organizational.3-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0705.07a3Organizational.3-07.a"
  },
- {2 items
  - name: "hipaa-0706.10b1System.12-10.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0706.10b1System.12-10.b"
  },
- {2 items
  - name: "hipaa-0707.10b2System.1-10.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0707.10b2System.1-10.b"
  },
- {2 items
  - name: "hipaa-0708.10b2System.2-10.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0708.10b2System.2-10.b"
  },
- {2 items
  - name: "hipaa-0709.10m1Organizational.1-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0709.10m1Organizational.1-10.m"
  },
- {2 items
  - name: "hipaa-0710.10m2Organizational.1-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0710.10m2Organizational.1-10.m"
  },
- {2 items
  - name: "hipaa-0711.10m2Organizational.23-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0711.10m2Organizational.23-10.m"
  },
- {2 items
  - name: "hipaa-0712.10m2Organizational.4-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0712.10m2Organizational.4-10.m"
  },
- {2 items
  - name: "hipaa-0713.10m2Organizational.5-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0713.10m2Organizational.5-10.m"
  },
- {2 items
  - name: "hipaa-0714.10m2Organizational.7-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0714.10m2Organizational.7-10.m"
  },
- {2 items
  - name: "hipaa-0715.10m2Organizational.8-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0715.10m2Organizational.8-10.m"
  },
- {2 items
  - name: "hipaa-0716.10m3Organizational.1-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0716.10m3Organizational.1-10.m"
  },
- {2 items
  - name: "hipaa-0717.10m3Organizational.2-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0717.10m3Organizational.2-10.m"
  },
- {2 items
  - name: "hipaa-0718.10m3Organizational.34-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0718.10m3Organizational.34-10.m"
  },
- {2 items
  - name: "hipaa-0719.10m3Organizational.5-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0719.10m3Organizational.5-10.m"
  },
- {2 items
  - name: "hipaa-0720.07a1Organizational.4-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0720.07a1Organizational.4-07.a"
  },
- {2 items
  - name: "hipaa-0721.07a1Organizational.5-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0721.07a1Organizational.5-07.a"
  },
- {2 items
  - name: "hipaa-0722.07a1Organizational.67-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0722.07a1Organizational.67-07.a"
  },
- {2 items
  - name: "hipaa-0723.07a1Organizational.8-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0723.07a1Organizational.8-07.a"
  },
- {2 items
  - name: "hipaa-0724.07a3Organizational.4-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0724.07a3Organizational.4-07.a"
  },
- {2 items
  - name: "hipaa-0725.07a3Organizational.5-07.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0725.07a3Organizational.5-07.a"
  },
- {2 items
  - name: "hipaa-0733.10b2System.4-10.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0733.10b2System.4-10.b"
  },
- {2 items
  - name: "hipaa-0786.10m2Organizational.13-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0786.10m2Organizational.13-10.m"
  },
- {2 items
  - name: "hipaa-0787.10m2Organizational.14-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0787.10m2Organizational.14-10.m"
  },
- {2 items
  - name: "hipaa-0788.10m3Organizational.20-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0788.10m3Organizational.20-10.m"
  },
- {2 items
  - name: "hipaa-0789.10m3Organizational.21-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0789.10m3Organizational.21-10.m"
  },
- {2 items
  - name: "hipaa-0790.10m3Organizational.22-10.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0790.10m3Organizational.22-10.m"
  },
- {2 items
  - name: "hipaa-0791.10b2Organizational.4-10.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0791.10b2Organizational.4-10.b"
  },
- {2 items
  - name: "hipaa-0805.01m1Organizational.12-01.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0805.01m1Organizational.12-01.m"
  },
- {2 items
  - name: "hipaa-0806.01m2Organizational.12356-01.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0806.01m2Organizational.12356-01.m"
  },
- {2 items
  - name: "hipaa-0808.10b2System.3-10.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0808.10b2System.3-10.b"
  },
- {2 items
  - name: "hipaa-0809.01n2Organizational.1234-01.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0809.01n2Organizational.1234-01.n"
  },
- {2 items
  - name: "hipaa-0810.01n2Organizational.5-01.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0810.01n2Organizational.5-01.n"
  },
- {2 items
  - name: "hipaa-08101.09m2Organizational.14-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08101.09m2Organizational.14-09.m"
  },
- {2 items
  - name: "hipaa-08102.09nCSPOrganizational.1-09.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-08102.09nCSPOrganizational.1-09.n"
  },
- {2 items
  - name: "hipaa-0811.01n2Organizational.6-01.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0811.01n2Organizational.6-01.n"
  },
- {2 items
  - name: "hipaa-0812.01n2Organizational.8-01.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0812.01n2Organizational.8-01.n"
  },
- {2 items
  - name: "hipaa-0814.01n1Organizational.12-01.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0814.01n1Organizational.12-01.n"
  },
- {2 items
  - name: "hipaa-0815.01o2Organizational.123-01.o",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0815.01o2Organizational.123-01.o"
  },
- {2 items
  - name: "hipaa-0816.01w1System.1-01.w",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0816.01w1System.1-01.w"
  },
- {2 items
  - name: "hipaa-0817.01w2System.123-01.w",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0817.01w2System.123-01.w"
  },
- {2 items
  - name: "hipaa-0818.01w3System.12-01.w",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0818.01w3System.12-01.w"
  },
- {2 items
  - name: "hipaa-0819.09m1Organizational.23-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0819.09m1Organizational.23-09.m"
  },
- {2 items
  - name: "hipaa-0820.09m2Organizational.1-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0820.09m2Organizational.1-09.m"
  },
- {2 items
  - name: "hipaa-0821.09m2Organizational.2-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0821.09m2Organizational.2-09.m"
  },
- {2 items
  - name: "hipaa-0822.09m2Organizational.4-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0822.09m2Organizational.4-09.m"
  },
- {2 items
  - name: "hipaa-0824.09m3Organizational.1-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0824.09m3Organizational.1-09.m"
  },
- {2 items
  - name: "hipaa-0825.09m3Organizational.23-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0825.09m3Organizational.23-09.m"
  },
- {2 items
  - name: "hipaa-0826.09m3Organizational.45-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0826.09m3Organizational.45-09.m"
  },
- {2 items
  - name: "hipaa-0827.09m3Organizational.6-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0827.09m3Organizational.6-09.m"
  },
- {2 items
  - name: "hipaa-0828.09m3Organizational.8-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0828.09m3Organizational.8-09.m"
  },
- {2 items
  - name: "hipaa-0829.09m3Organizational.911-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0829.09m3Organizational.911-09.m"
  },
- {2 items
  - name: "hipaa-0830.09m3Organizational.1012-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0830.09m3Organizational.1012-09.m"
  },
- {2 items
  - name: "hipaa-0832.09m3Organizational.14-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0832.09m3Organizational.14-09.m"
  },
- {2 items
  - name: "hipaa-0835.09n1Organizational.1-09.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0835.09n1Organizational.1-09.n"
  },
- {2 items
  - name: "hipaa-0836.09.n2Organizational.1-09.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0836.09.n2Organizational.1-09.n"
  },
- {2 items
  - name: "hipaa-0837.09.n2Organizational.2-09.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0837.09.n2Organizational.2-09.n"
  },
- {2 items
  - name: "hipaa-0850.01o1Organizational.12-01.o",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0850.01o1Organizational.12-01.o"
  },
- {2 items
  - name: "hipaa-0858.09m1Organizational.4-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0858.09m1Organizational.4-09.m"
  },
- {2 items
  - name: "hipaa-0859.09m1Organizational.78-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0859.09m1Organizational.78-09.m"
  },
- {2 items
  - name: "hipaa-0860.09m1Organizational.9-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0860.09m1Organizational.9-09.m"
  },
- {2 items
  - name: "hipaa-0861.09m2Organizational.67-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0861.09m2Organizational.67-09.m"
  },
- {2 items
  - name: "hipaa-0862.09m2Organizational.8-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0862.09m2Organizational.8-09.m"
  },
- {2 items
  - name: "hipaa-0863.09m2Organizational.910-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0863.09m2Organizational.910-09.m"
  },
- {2 items
  - name: "hipaa-0864.09m2Organizational.12-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0864.09m2Organizational.12-09.m"
  },
- {2 items
  - name: "hipaa-0865.09m2Organizational.13-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0865.09m2Organizational.13-09.m"
  },
- {2 items
  - name: "hipaa-0866.09m3Organizational.1516-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0866.09m3Organizational.1516-09.m"
  },
- {2 items
  - name: "hipaa-0867.09m3Organizational.17-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0867.09m3Organizational.17-09.m"
  },
- {2 items
  - name: "hipaa-0868.09m3Organizational.18-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0868.09m3Organizational.18-09.m"
  },
- {2 items
  - name: "hipaa-0869.09m3Organizational.19-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0869.09m3Organizational.19-09.m"
  },
- {2 items
  - name: "hipaa-0870.09m3Organizational.20-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0870.09m3Organizational.20-09.m"
  },
- {2 items
  - name: "hipaa-0871.09m3Organizational.22-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0871.09m3Organizational.22-09.m"
  },
- {2 items
  - name: "hipaa-0885.09n2Organizational.3-09.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0885.09n2Organizational.3-09.n"
  },
- {2 items
  - name: "hipaa-0886.09n2Organizational.4-09.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0886.09n2Organizational.4-09.n"
  },
- {2 items
  - name: "hipaa-0887.09n2Organizational.5-09.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0887.09n2Organizational.5-09.n"
  },
- {2 items
  - name: "hipaa-0888.09n2Organizational.6-09.n",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0888.09n2Organizational.6-09.n"
  },
- {2 items
  - name: "hipaa-0894.01m2Organizational.7-01.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0894.01m2Organizational.7-01.m"
  },
- {2 items
  - name: "hipaa-0901.09s1Organizational.1-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0901.09s1Organizational.1-09.s"
  },
- {2 items
  - name: "hipaa-0902.09s2Organizational.13-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0902.09s2Organizational.13-09.s"
  },
- {2 items
  - name: "hipaa-0903.10f1Organizational.1-10.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0903.10f1Organizational.1-10.f"
  },
- {2 items
  - name: "hipaa-0904.10f2Organizational.1-10.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0904.10f2Organizational.1-10.f"
  },
- {2 items
  - name: "hipaa-0911.09s1Organizational.2-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0911.09s1Organizational.2-09.s"
  },
- {2 items
  - name: "hipaa-0912.09s1Organizational.4-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0912.09s1Organizational.4-09.s"
  },
- {2 items
  - name: "hipaa-0913.09s1Organizational.5-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0913.09s1Organizational.5-09.s"
  },
- {2 items
  - name: "hipaa-0914.09s1Organizational.6-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0914.09s1Organizational.6-09.s"
  },
- {2 items
  - name: "hipaa-0915.09s2Organizational.2-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0915.09s2Organizational.2-09.s"
  },
- {2 items
  - name: "hipaa-0916.09s2Organizational.4-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0916.09s2Organizational.4-09.s"
  },
- {2 items
  - name: "hipaa-0925.09v1Organizational.1-09.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0925.09v1Organizational.1-09.v"
  },
- {2 items
  - name: "hipaa-0926.09v1Organizational.2-09.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0926.09v1Organizational.2-09.v"
  },
- {2 items
  - name: "hipaa-0927.09v1Organizational.3-09.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0927.09v1Organizational.3-09.v"
  },
- {2 items
  - name: "hipaa-0928.09v1Organizational.45-09.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0928.09v1Organizational.45-09.v"
  },
- {2 items
  - name: "hipaa-0929.09v1Organizational.6-09.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0929.09v1Organizational.6-09.v"
  },
- {2 items
  - name: "hipaa-0938.09x1Organizational.1-09.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0938.09x1Organizational.1-09.x"
  },
- {2 items
  - name: "hipaa-0939.09x2Organizational.12-09.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0939.09x2Organizational.12-09.x"
  },
- {2 items
  - name: "hipaa-0940.09x2Organizational.3-09.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0940.09x2Organizational.3-09.x"
  },
- {2 items
  - name: "hipaa-0941.09x2Organizational.4-09.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0941.09x2Organizational.4-09.x"
  },
- {2 items
  - name: "hipaa-0942.09x2Organizational.5-09.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0942.09x2Organizational.5-09.x"
  },
- {2 items
  - name: "hipaa-0943.09y1Organizational.1-09.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0943.09y1Organizational.1-09.y"
  },
- {2 items
  - name: "hipaa-0944.09y1Organizational.2-09.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0944.09y1Organizational.2-09.y"
  },
- {2 items
  - name: "hipaa-0945.09y1Organizational.3-09.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0945.09y1Organizational.3-09.y"
  },
- {2 items
  - name: "hipaa-0946.09y2Organizational.14-09.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0946.09y2Organizational.14-09.y"
  },
- {2 items
  - name: "hipaa-0947.09y2Organizational.2-09.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0947.09y2Organizational.2-09.y"
  },
- {2 items
  - name: "hipaa-0948.09y2Organizational.3-09.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0948.09y2Organizational.3-09.y"
  },
- {2 items
  - name: "hipaa-0949.09y2Organizational.5-09.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0949.09y2Organizational.5-09.y"
  },
- {2 items
  - name: "hipaa-0960.09sCSPOrganizational.1-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0960.09sCSPOrganizational.1-09.s"
  },
- {2 items
  - name: "hipaa-0961.09v1Organizational.7-09.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-0961.09v1Organizational.7-09.v"
  },
- {2 items
  - name: "hipaa-099.09m2Organizational.11-09.m",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-099.09m2Organizational.11-09.m"
  },
- {2 items
  - name: "hipaa-1002.01d1System.1-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1002.01d1System.1-01.d"
  },
- {2 items
  - name: "hipaa-1003.01d1System.3-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1003.01d1System.3-01.d"
  },
- {2 items
  - name: "hipaa-1004.01d1System.8913-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1004.01d1System.8913-01.d"
  },
- {2 items
  - name: "hipaa-1005.01d1System.1011-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1005.01d1System.1011-01.d"
  },
- {2 items
  - name: "hipaa-1006.01d2System.1-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1006.01d2System.1-01.d"
  },
- {2 items
  - name: "hipaa-1007.01d2System.2-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1007.01d2System.2-01.d"
  },
- {2 items
  - name: "hipaa-1008.01d2System.3-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1008.01d2System.3-01.d"
  },
- {2 items
  - name: "hipaa-1009.01d2System.4-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1009.01d2System.4-01.d"
  },
- {2 items
  - name: "hipaa-1010.01d2System.5-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1010.01d2System.5-01.d"
  },
- {2 items
  - name: "hipaa-1014.01d1System.12-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1014.01d1System.12-01.d"
  },
- {2 items
  - name: "hipaa-1015.01d1System.14-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1015.01d1System.14-01.d"
  },
- {2 items
  - name: "hipaa-1022.01d1System.15-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1022.01d1System.15-01.d"
  },
- {2 items
  - name: "hipaa-1027.01d2System.6-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1027.01d2System.6-01.d"
  },
- {2 items
  - name: "hipaa-1031.01d1System.34510-01.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1031.01d1System.34510-01.d"
  },
- {2 items
  - name: "hipaa-1106.01b1System.1-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1106.01b1System.1-01.b"
  },
- {2 items
  - name: "hipaa-1107.01b1System.2-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1107.01b1System.2-01.b"
  },
- {2 items
  - name: "hipaa-1108.01b1System.3-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1108.01b1System.3-01.b"
  },
- {2 items
  - name: "hipaa-1109.01b1System.479-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1109.01b1System.479-01.b"
  },
- {2 items
  - name: "hipaa-1110.01b1System.5-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1110.01b1System.5-01.b"
  },
- {2 items
  - name: "hipaa-11109.01q1Organizational.57-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11109.01q1Organizational.57-01.q"
  },
- {2 items
  - name: "hipaa-1111.01b2System.1-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1111.01b2System.1-01.b"
  },
- {2 items
  - name: "hipaa-11110.01q1Organizational.6-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11110.01q1Organizational.6-01.q"
  },
- {2 items
  - name: "hipaa-11111.01q2System.4-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11111.01q2System.4-01.q"
  },
- {2 items
  - name: "hipaa-11112.01q2Organizational.67-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11112.01q2Organizational.67-01.q"
  },
- {2 items
  - name: "hipaa-1112.01b2System.2-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1112.01b2System.2-01.b"
  },
- {2 items
  - name: "hipaa-11126.01t1Organizational.12-01.t",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11126.01t1Organizational.12-01.t"
  },
- {2 items
  - name: "hipaa-1114.01h1Organizational.123-01.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1114.01h1Organizational.123-01.h"
  },
- {2 items
  - name: "hipaa-1115.01h1Organizational.45-01.h",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1115.01h1Organizational.45-01.h"
  },
- {2 items
  - name: "hipaa-11154.02i1Organizational.5-02.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11154.02i1Organizational.5-02.i"
  },
- {2 items
  - name: "hipaa-11155.02i2Organizational.2-02.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11155.02i2Organizational.2-02.i"
  },
- {2 items
  - name: "hipaa-1116.01j1Organizational.145-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1116.01j1Organizational.145-01.j"
  },
- {2 items
  - name: "hipaa-1117.01j1Organizational.23-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1117.01j1Organizational.23-01.j"
  },
- {2 items
  - name: "hipaa-1118.01j2Organizational.124-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1118.01j2Organizational.124-01.j"
  },
- {2 items
  - name: "hipaa-11180.01c3System.6-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11180.01c3System.6-01.c"
  },
- {2 items
  - name: "hipaa-1119.01j2Organizational.3-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1119.01j2Organizational.3-01.j"
  },
- {2 items
  - name: "hipaa-11190.01t1Organizational.3-01.t",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11190.01t1Organizational.3-01.t"
  },
- {2 items
  - name: "hipaa-1120.09ab3System.9-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1120.09ab3System.9-09.ab"
  },
- {2 items
  - name: "hipaa-11200.01b2Organizational.3-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11200.01b2Organizational.3-01.b"
  },
- {2 items
  - name: "hipaa-11208.01q1Organizational.8-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11208.01q1Organizational.8-01.q"
  },
- {2 items
  - name: "hipaa-11209.01q2Organizational.9-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11209.01q2Organizational.9-01.q"
  },
- {2 items
  - name: "hipaa-1121.01j3Organizational.2-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1121.01j3Organizational.2-01.j"
  },
- {2 items
  - name: "hipaa-11210.01q2Organizational.10-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11210.01q2Organizational.10-01.q"
  },
- {2 items
  - name: "hipaa-11211.01q2Organizational.11-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11211.01q2Organizational.11-01.q"
  },
- {2 items
  - name: "hipaa-11219.01b1Organizational.10-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11219.01b1Organizational.10-01.b"
  },
- {2 items
  - name: "hipaa-1122.01q1System.1-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1122.01q1System.1-01.q"
  },
- {2 items
  - name: "hipaa-11220.01b1System.10-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-11220.01b1System.10-01.b"
  },
- {2 items
  - name: "hipaa-1123.01q1System.2-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1123.01q1System.2-01.q"
  },
- {2 items
  - name: "hipaa-1124.01q1System.34-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1124.01q1System.34-01.q"
  },
- {2 items
  - name: "hipaa-1125.01q2System.1-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1125.01q2System.1-01.q"
  },
- {2 items
  - name: "hipaa-1127.01q2System.3-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1127.01q2System.3-01.q"
  },
- {2 items
  - name: "hipaa-1128.01q2System.5-01.q",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1128.01q2System.5-01.q"
  },
- {2 items
  - name: "hipaa-1129.01v1System.12-01.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1129.01v1System.12-01.v"
  },
- {2 items
  - name: "hipaa-1130.01v2System.1-01.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1130.01v2System.1-01.v"
  },
- {2 items
  - name: "hipaa-1131.01v2System.2-01.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1131.01v2System.2-01.v"
  },
- {2 items
  - name: "hipaa-1132.01v2System.3-01.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1132.01v2System.3-01.v"
  },
- {2 items
  - name: "hipaa-1133.01v2System.4-01.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1133.01v2System.4-01.v"
  },
- {2 items
  - name: "hipaa-1134.01v3System.1-01.v",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1134.01v3System.1-01.v"
  },
- {2 items
  - name: "hipaa-1135.02i1Organizational.1234-02.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1135.02i1Organizational.1234-02.i"
  },
- {2 items
  - name: "hipaa-1136.02i2Organizational.1-02.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1136.02i2Organizational.1-02.i"
  },
- {2 items
  - name: "hipaa-1137.06e1Organizational.1-06.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1137.06e1Organizational.1-06.e"
  },
- {2 items
  - name: "hipaa-1138.06e2Organizational.12-06.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1138.06e2Organizational.12-06.e"
  },
- {2 items
  - name: "hipaa-1139.01b1System.68-01.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1139.01b1System.68-01.b"
  },
- {2 items
  - name: "hipaa-1143.01c1System.123-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1143.01c1System.123-01.c"
  },
- {2 items
  - name: "hipaa-1144.01c1System.4-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1144.01c1System.4-01.c"
  },
- {2 items
  - name: "hipaa-1145.01c2System.1-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1145.01c2System.1-01.c"
  },
- {2 items
  - name: "hipaa-1146.01c2System.23-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1146.01c2System.23-01.c"
  },
- {2 items
  - name: "hipaa-1147.01c2System.456-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1147.01c2System.456-01.c"
  },
- {2 items
  - name: "hipaa-1148.01c2System.78-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1148.01c2System.78-01.c"
  },
- {2 items
  - name: "hipaa-1149.01c2System.9-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1149.01c2System.9-01.c"
  },
- {2 items
  - name: "hipaa-1150.01c2System.10-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1150.01c2System.10-01.c"
  },
- {2 items
  - name: "hipaa-1151.01c3System.1-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1151.01c3System.1-01.c"
  },
- {2 items
  - name: "hipaa-1152.01c3System.2-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1152.01c3System.2-01.c"
  },
- {2 items
  - name: "hipaa-1153.01c3System.35-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1153.01c3System.35-01.c"
  },
- {2 items
  - name: "hipaa-1154.01c3System.4-01.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1154.01c3System.4-01.c"
  },
- {2 items
  - name: "hipaa-1166.01e1System.12-01.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1166.01e1System.12-01.e"
  },
- {2 items
  - name: "hipaa-1167.01e2System.1-01.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1167.01e2System.1-01.e"
  },
- {2 items
  - name: "hipaa-1168.01e2System.2-01.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1168.01e2System.2-01.e"
  },
- {2 items
  - name: "hipaa-1173.01j1Organizational.6-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1173.01j1Organizational.6-01.j"
  },
- {2 items
  - name: "hipaa-1174.01j1Organizational.7-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1174.01j1Organizational.7-01.j"
  },
- {2 items
  - name: "hipaa-1175.01j1Organizational.8-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1175.01j1Organizational.8-01.j"
  },
- {2 items
  - name: "hipaa-1176.01j2Organizational.5-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1176.01j2Organizational.5-01.j"
  },
- {2 items
  - name: "hipaa-1177.01j2Organizational.6-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1177.01j2Organizational.6-01.j"
  },
- {2 items
  - name: "hipaa-1178.01j2Organizational.7-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1178.01j2Organizational.7-01.j"
  },
- {2 items
  - name: "hipaa-1179.01j3Organizational.1-01.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1179.01j3Organizational.1-01.j"
  },
- {2 items
  - name: "hipaa-1192.01l1Organizational.1-01.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1192.01l1Organizational.1-01.l"
  },
- {2 items
  - name: "hipaa-1193.01l2Organizational.13-01.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1193.01l2Organizational.13-01.l"
  },
- {2 items
  - name: "hipaa-1194.01l2Organizational.2-01.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1194.01l2Organizational.2-01.l"
  },
- {2 items
  - name: "hipaa-1195.01l3Organizational.1-01.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1195.01l3Organizational.1-01.l"
  },
- {2 items
  - name: "hipaa-1196.01l3Organizational.24-01.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1196.01l3Organizational.24-01.l"
  },
- {2 items
  - name: "hipaa-1197.01l3Organizational.3-01.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1197.01l3Organizational.3-01.l"
  },
- {2 items
  - name: "hipaa-1201.06e1Organizational.2-06.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1201.06e1Organizational.2-06.e"
  },
- {2 items
  - name: "hipaa-1202.09aa1System.1-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1202.09aa1System.1-09.aa"
  },
- {2 items
  - name: "hipaa-1203.09aa1System.2-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1203.09aa1System.2-09.aa"
  },
- {2 items
  - name: "hipaa-1204.09aa1System.3-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1204.09aa1System.3-09.aa"
  },
- {2 items
  - name: "hipaa-1205.09aa2System.1-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1205.09aa2System.1-09.aa"
  },
- {2 items
  - name: "hipaa-1206.09aa2System.23-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1206.09aa2System.23-09.aa"
  },
- {2 items
  - name: "hipaa-1207.09aa2System.4-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1207.09aa2System.4-09.aa"
  },
- {2 items
  - name: "hipaa-1208.09aa3System.1-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1208.09aa3System.1-09.aa"
  },
- {2 items
  - name: "hipaa-1209.09aa3System.2-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1209.09aa3System.2-09.aa"
  },
- {2 items
  - name: "hipaa-1210.09aa3System.3-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1210.09aa3System.3-09.aa"
  },
- {2 items
  - name: "hipaa-12100.09ab2System.15-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12100.09ab2System.15-09.ab"
  },
- {2 items
  - name: "hipaa-12101.09ab1Organizational.3-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12101.09ab1Organizational.3-09.ab"
  },
- {2 items
  - name: "hipaa-12102.09ab1Organizational.4-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12102.09ab1Organizational.4-09.ab"
  },
- {2 items
  - name: "hipaa-12103.09ab1Organizational.5-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-12103.09ab1Organizational.5-09.ab"
  },
- {2 items
  - name: "hipaa-1211.09aa3System.4-09.aa",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1211.09aa3System.4-09.aa"
  },
- {2 items
  - name: "hipaa-1212.09ab1System.1-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1212.09ab1System.1-09.ab"
  },
- {2 items
  - name: "hipaa-1213.09ab2System.128-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1213.09ab2System.128-09.ab"
  },
- {2 items
  - name: "hipaa-1214.09ab2System.3456-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1214.09ab2System.3456-09.ab"
  },
- {2 items
  - name: "hipaa-1215.09ab2System.7-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1215.09ab2System.7-09.ab"
  },
- {2 items
  - name: "hipaa-1216.09ab3System.12-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1216.09ab3System.12-09.ab"
  },
- {2 items
  - name: "hipaa-1217.09ab3System.3-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1217.09ab3System.3-09.ab"
  },
- {2 items
  - name: "hipaa-1218.09ab3System.47-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1218.09ab3System.47-09.ab"
  },
- {2 items
  - name: "hipaa-1219.09ab3System.10-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1219.09ab3System.10-09.ab"
  },
- {2 items
  - name: "hipaa-1220.09ab3System.56-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1220.09ab3System.56-09.ab"
  },
- {2 items
  - name: "hipaa-1222.09ab3System.8-09.ab",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1222.09ab3System.8-09.ab"
  },
- {2 items
  - name: "hipaa-1229.09c1Organizational.1-09.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1229.09c1Organizational.1-09.c"
  },
- {2 items
  - name: "hipaa-1230.09c2Organizational.1-09.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1230.09c2Organizational.1-09.c"
  },
- {2 items
  - name: "hipaa-1231.09c2Organizational.23-09.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1231.09c2Organizational.23-09.c"
  },
- {2 items
  - name: "hipaa-1232.09c3Organizational.12-09.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1232.09c3Organizational.12-09.c"
  },
- {2 items
  - name: "hipaa-1233.09c3Organizational.3-09.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1233.09c3Organizational.3-09.c"
  },
- {2 items
  - name: "hipaa-1270.09ad1System.12-09.ad",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1270.09ad1System.12-09.ad"
  },
- {2 items
  - name: "hipaa-1271.09ad1System.1-09.ad",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1271.09ad1System.1-09.ad"
  },
- {2 items
  - name: "hipaa-1271.09ad2System.1",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1271.09ad2System.1"
  },
- {2 items
  - name: "hipaa-1276.09c2Organizational.2-09.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1276.09c2Organizational.2-09.c"
  },
- {2 items
  - name: "hipaa-1277.09c2Organizational.4-09.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1277.09c2Organizational.4-09.c"
  },
- {2 items
  - name: "hipaa-1278.09c2Organizational.56-09.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1278.09c2Organizational.56-09.c"
  },
- {2 items
  - name: "hipaa-1279.09c3Organizational.4-09.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1279.09c3Organizational.4-09.c"
  },
- {2 items
  - name: "hipaa-1301.02e1Organizational.12-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1301.02e1Organizational.12-02.e"
  },
- {2 items
  - name: "hipaa-1302.02e2Organizational.134-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1302.02e2Organizational.134-02.e"
  },
- {2 items
  - name: "hipaa-1303.02e2Organizational.2-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1303.02e2Organizational.2-02.e"
  },
- {2 items
  - name: "hipaa-1304.02e3Organizational.1-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1304.02e3Organizational.1-02.e"
  },
- {2 items
  - name: "hipaa-1305.02e3Organizational.23-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1305.02e3Organizational.23-02.e"
  },
- {2 items
  - name: "hipaa-1306.06e1Organizational.5-06.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1306.06e1Organizational.5-06.e"
  },
- {2 items
  - name: "hipaa-1307.07c1Organizational.124-07.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1307.07c1Organizational.124-07.c"
  },
- {2 items
  - name: "hipaa-1308.09j1Organizational.5-09.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1308.09j1Organizational.5-09.j"
  },
- {2 items
  - name: "hipaa-1309.01x1System.36-01.x",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1309.01x1System.36-01.x"
  },
- {2 items
  - name: "hipaa-1310.01y1Organizational.9-01.y",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1310.01y1Organizational.9-01.y"
  },
- {2 items
  - name: "hipaa-1311.12c2Organizational.3-12.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1311.12c2Organizational.3-12.c"
  },
- {2 items
  - name: "hipaa-1313.02e1Organizational.3-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1313.02e1Organizational.3-02.e"
  },
- {2 items
  - name: "hipaa-1314.02e2Organizational.5-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1314.02e2Organizational.5-02.e"
  },
- {2 items
  - name: "hipaa-1315.02e2Organizational.67-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1315.02e2Organizational.67-02.e"
  },
- {2 items
  - name: "hipaa-1324.07c1Organizational.3-07.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1324.07c1Organizational.3-07.c"
  },
- {2 items
  - name: "hipaa-1325.09s1Organizational.3-09.s",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1325.09s1Organizational.3-09.s"
  },
- {2 items
  - name: "hipaa-1326.02e1Organizational.4-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1326.02e1Organizational.4-02.e"
  },
- {2 items
  - name: "hipaa-1327.02e2Organizational.8-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1327.02e2Organizational.8-02.e"
  },
- {2 items
  - name: "hipaa-1331.02e3Organizational.4-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1331.02e3Organizational.4-02.e"
  },
- {2 items
  - name: "hipaa-1334.02e2Organizational.12-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1334.02e2Organizational.12-02.e"
  },
- {2 items
  - name: "hipaa-1336.02e1Organizational.5-02.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1336.02e1Organizational.5-02.e"
  },
- {2 items
  - name: "hipaa-1401.05i1Organizational.1239-05.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1401.05i1Organizational.1239-05.i"
  },
- {2 items
  - name: "hipaa-1402.05i1Organizational.45-05.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1402.05i1Organizational.45-05.i"
  },
- {2 items
  - name: "hipaa-1403.05i1Organizational.67-05.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1403.05i1Organizational.67-05.i"
  },
- {2 items
  - name: "hipaa-1404.05i2Organizational.1-05.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1404.05i2Organizational.1-05.i"
  },
- {2 items
  - name: "hipaa-1406.05k1Organizational.110-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1406.05k1Organizational.110-05.k"
  },
- {2 items
  - name: "hipaa-1407.05k2Organizational.1-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1407.05k2Organizational.1-05.k"
  },
- {2 items
  - name: "hipaa-1408.09e1System.1-09.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1408.09e1System.1-09.e"
  },
- {2 items
  - name: "hipaa-1409.09e2System.1-09.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1409.09e2System.1-09.e"
  },
- {2 items
  - name: "hipaa-1410.09e2System.23-09.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1410.09e2System.23-09.e"
  },
- {2 items
  - name: "hipaa-1411.09f1System.1-09.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1411.09f1System.1-09.f"
  },
- {2 items
  - name: "hipaa-1412.09f2System.12-09.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1412.09f2System.12-09.f"
  },
- {2 items
  - name: "hipaa-1413.09f2System.3-09.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1413.09f2System.3-09.f"
  },
- {2 items
  - name: "hipaa-1416.10l1Organizational.1-10.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1416.10l1Organizational.1-10.l"
  },
- {2 items
  - name: "hipaa-1417.10l2Organizational.1-10.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1417.10l2Organizational.1-10.l"
  },
- {2 items
  - name: "hipaa-1418.05i1Organizational.8-05.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1418.05i1Organizational.8-05.i"
  },
- {2 items
  - name: "hipaa-1419.05j1Organizational.12-05.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1419.05j1Organizational.12-05.j"
  },
- {2 items
  - name: "hipaa-1421.05j2Organizational.12-05.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1421.05j2Organizational.12-05.j"
  },
- {2 items
  - name: "hipaa-1422.05j2Organizational.3-05.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1422.05j2Organizational.3-05.j"
  },
- {2 items
  - name: "hipaa-1423.05j2Organizational.4-05.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1423.05j2Organizational.4-05.j"
  },
- {2 items
  - name: "hipaa-1424.05j2Organizational.5-05.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1424.05j2Organizational.5-05.j"
  },
- {2 items
  - name: "hipaa-1428.05k1Organizational.2-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1428.05k1Organizational.2-05.k"
  },
- {2 items
  - name: "hipaa-1429.05k1Organizational.34-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1429.05k1Organizational.34-05.k"
  },
- {2 items
  - name: "hipaa-1430.05k1Organizational.56-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1430.05k1Organizational.56-05.k"
  },
- {2 items
  - name: "hipaa-1431.05k1Organizational.7-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1431.05k1Organizational.7-05.k"
  },
- {2 items
  - name: "hipaa-1432.05k1Organizational.89-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1432.05k1Organizational.89-05.k"
  },
- {2 items
  - name: "hipaa-1438.09e2System.4-09.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1438.09e2System.4-09.e"
  },
- {2 items
  - name: "hipaa-1442.09f2System.456-09.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1442.09f2System.456-09.f"
  },
- {2 items
  - name: "hipaa-1450.05i2Organizational.2-05.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1450.05i2Organizational.2-05.i"
  },
- {2 items
  - name: "hipaa-1451.05iCSPOrganizational.2-05.i",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1451.05iCSPOrganizational.2-05.i"
  },
- {2 items
  - name: "hipaa-1452.05kCSPOrganizational.1-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1452.05kCSPOrganizational.1-05.k"
  },
- {2 items
  - name: "hipaa-1453.05kCSPOrganizational.2-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1453.05kCSPOrganizational.2-05.k"
  },
- {2 items
  - name: "hipaa-1454.05kCSPOrganizational.3-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1454.05kCSPOrganizational.3-05.k"
  },
- {2 items
  - name: "hipaa-1455.05kCSPOrganizational.4-05.k",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1455.05kCSPOrganizational.4-05.k"
  },
- {2 items
  - name: "hipaa-1464.09e2Organizational.5-09.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1464.09e2Organizational.5-09.e"
  },
- {2 items
  - name: "hipaa-1501.02f1Organizational.123-02.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1501.02f1Organizational.123-02.f"
  },
- {2 items
  - name: "hipaa-1502.02f1Organizational.4-02.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1502.02f1Organizational.4-02.f"
  },
- {2 items
  - name: "hipaa-1503.02f2Organizational.12-02.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1503.02f2Organizational.12-02.f"
  },
- {2 items
  - name: "hipaa-1504.06e1Organizational.34-06.e",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1504.06e1Organizational.34-06.e"
  },
- {2 items
  - name: "hipaa-1505.11a1Organizational.13-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1505.11a1Organizational.13-11.a"
  },
- {2 items
  - name: "hipaa-1506.11a1Organizational.2-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1506.11a1Organizational.2-11.a"
  },
- {2 items
  - name: "hipaa-1507.11a1Organizational.4-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1507.11a1Organizational.4-11.a"
  },
- {2 items
  - name: "hipaa-1508.11a2Organizational.1-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1508.11a2Organizational.1-11.a"
  },
- {2 items
  - name: "hipaa-1509.11a2Organizational.236-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1509.11a2Organizational.236-11.a"
  },
- {2 items
  - name: "hipaa-1510.11a2Organizational.47-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1510.11a2Organizational.47-11.a"
  },
- {2 items
  - name: "hipaa-1511.11a2Organizational.5-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1511.11a2Organizational.5-11.a"
  },
- {2 items
  - name: "hipaa-1512.11a2Organizational.8-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1512.11a2Organizational.8-11.a"
  },
- {2 items
  - name: "hipaa-1514.11a3Organizational.12-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1514.11a3Organizational.12-11.a"
  },
- {2 items
  - name: "hipaa-1515.11a3Organizational.3-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1515.11a3Organizational.3-11.a"
  },
- {2 items
  - name: "hipaa-1516.11c1Organizational.12-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1516.11c1Organizational.12-11.c"
  },
- {2 items
  - name: "hipaa-1517.11c1Organizational.3-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1517.11c1Organizational.3-11.c"
  },
- {2 items
  - name: "hipaa-1518.11c2Organizational.13-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1518.11c2Organizational.13-11.c"
  },
- {2 items
  - name: "hipaa-1519.11c2Organizational.2-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1519.11c2Organizational.2-11.c"
  },
- {2 items
  - name: "hipaa-1520.11c2Organizational.4-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1520.11c2Organizational.4-11.c"
  },
- {2 items
  - name: "hipaa-1521.11c2Organizational.56-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1521.11c2Organizational.56-11.c"
  },
- {2 items
  - name: "hipaa-1522.11c3Organizational.13-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1522.11c3Organizational.13-11.c"
  },
- {2 items
  - name: "hipaa-1523.11c3Organizational.24-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1523.11c3Organizational.24-11.c"
  },
- {2 items
  - name: "hipaa-1524.11a1Organizational.5-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1524.11a1Organizational.5-11.a"
  },
- {2 items
  - name: "hipaa-1525.11a1Organizational.6-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1525.11a1Organizational.6-11.a"
  },
- {2 items
  - name: "hipaa-1560.11d1Organizational.1-11.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1560.11d1Organizational.1-11.d"
  },
- {2 items
  - name: "hipaa-1561.11d2Organizational.14-11.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1561.11d2Organizational.14-11.d"
  },
- {2 items
  - name: "hipaa-1562.11d2Organizational.2-11.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1562.11d2Organizational.2-11.d"
  },
- {2 items
  - name: "hipaa-1563.11d2Organizational.3-11.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1563.11d2Organizational.3-11.d"
  },
- {2 items
  - name: "hipaa-1577.11aCSPOrganizational.1-11.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1577.11aCSPOrganizational.1-11.a"
  },
- {2 items
  - name: "hipaa-1581.02f1Organizational.7-02.f",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1581.02f1Organizational.7-02.f"
  },
- {2 items
  - name: "hipaa-1587.11c2Organizational.10-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1587.11c2Organizational.10-11.c"
  },
- {2 items
  - name: "hipaa-1589.11c1Organizational.5-11.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1589.11c1Organizational.5-11.c"
  },
- {2 items
  - name: "hipaa-1601.12c1Organizational.1238-12.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1601.12c1Organizational.1238-12.c"
  },
- {2 items
  - name: "hipaa-1602.12c1Organizational.4567-12.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1602.12c1Organizational.4567-12.c"
  },
- {2 items
  - name: "hipaa-1603.12c1Organizational.9-12.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1603.12c1Organizational.9-12.c"
  },
- {2 items
  - name: "hipaa-1604.12c2Organizational.16789-12.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1604.12c2Organizational.16789-12.c"
  },
- {2 items
  - name: "hipaa-1605.12c2Organizational.2-12.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1605.12c2Organizational.2-12.c"
  },
- {2 items
  - name: "hipaa-1607.12c2Organizational.4-12.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1607.12c2Organizational.4-12.c"
  },
- {2 items
  - name: "hipaa-1608.12c2Organizational.5-12.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1608.12c2Organizational.5-12.c"
  },
- {2 items
  - name: "hipaa-1609.12c3Organizational.12-12.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1609.12c3Organizational.12-12.c"
  },
- {2 items
  - name: "hipaa-1616.09l1Organizational.16-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1616.09l1Organizational.16-09.l"
  },
- {2 items
  - name: "hipaa-1617.09l1Organizational.23-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1617.09l1Organizational.23-09.l"
  },
- {2 items
  - name: "hipaa-1618.09l1Organizational.45-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1618.09l1Organizational.45-09.l"
  },
- {2 items
  - name: "hipaa-1619.09l1Organizational.7-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1619.09l1Organizational.7-09.l"
  },
- {2 items
  - name: "hipaa-1620.09l1Organizational.8-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1620.09l1Organizational.8-09.l"
  },
- {2 items
  - name: "hipaa-1621.09l2Organizational.1-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1621.09l2Organizational.1-09.l"
  },
- {2 items
  - name: "hipaa-1622.09l2Organizational.23-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1622.09l2Organizational.23-09.l"
  },
- {2 items
  - name: "hipaa-1623.09l2Organizational.4-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1623.09l2Organizational.4-09.l"
  },
- {2 items
  - name: "hipaa-1624.09l3Organizational.12-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1624.09l3Organizational.12-09.l"
  },
- {2 items
  - name: "hipaa-1625.09l3Organizational.34-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1625.09l3Organizational.34-09.l"
  },
- {2 items
  - name: "hipaa-1626.09l3Organizational.5-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1626.09l3Organizational.5-09.l"
  },
- {2 items
  - name: "hipaa-1627.09l3Organizational.6-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1627.09l3Organizational.6-09.l"
  },
- {2 items
  - name: "hipaa-1634.12b1Organizational.1-12.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1634.12b1Organizational.1-12.b"
  },
- {2 items
  - name: "hipaa-1635.12b1Organizational.2-12.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1635.12b1Organizational.2-12.b"
  },
- {2 items
  - name: "hipaa-1636.12b2Organizational.1-12.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1636.12b2Organizational.1-12.b"
  },
- {2 items
  - name: "hipaa-1637.12b2Organizational.2-12.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1637.12b2Organizational.2-12.b"
  },
- {2 items
  - name: "hipaa-1638.12b2Organizational.345-12.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1638.12b2Organizational.345-12.b"
  },
- {2 items
  - name: "hipaa-1666.12d1Organizational.1235-12.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1666.12d1Organizational.1235-12.d"
  },
- {2 items
  - name: "hipaa-1667.12d1Organizational.4-12.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1667.12d1Organizational.4-12.d"
  },
- {2 items
  - name: "hipaa-1668.12d1Organizational.67-12.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1668.12d1Organizational.67-12.d"
  },
- {2 items
  - name: "hipaa-1669.12d1Organizational.8-12.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1669.12d1Organizational.8-12.d"
  },
- {2 items
  - name: "hipaa-1670.12d2Organizational.1-12.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1670.12d2Organizational.1-12.d"
  },
- {2 items
  - name: "hipaa-1671.12d2Organizational.2-12.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1671.12d2Organizational.2-12.d"
  },
- {2 items
  - name: "hipaa-1672.12d2Organizational.3-12.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1672.12d2Organizational.3-12.d"
  },
- {2 items
  - name: "hipaa-1699.09l1Organizational.10-09.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1699.09l1Organizational.10-09.l"
  },
- {2 items
  - name: "hipaa-1704.03b1Organizational.12-03.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1704.03b1Organizational.12-03.b"
  },
- {2 items
  - name: "hipaa-1705.03b2Organizational.12-03.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1705.03b2Organizational.12-03.b"
  },
- {2 items
  - name: "hipaa-1706.03b1Organizational.3-03.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1706.03b1Organizational.3-03.b"
  },
- {2 items
  - name: "hipaa-1707.03c1Organizational.12-03.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1707.03c1Organizational.12-03.c"
  },
- {2 items
  - name: "hipaa-1708.03c2Organizational.12-03.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1708.03c2Organizational.12-03.c"
  },
- {2 items
  - name: "hipaa-17100.10a3Organizational.5",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17100.10a3Organizational.5"
  },
- {2 items
  - name: "hipaa-17101.10a3Organizational.6-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17101.10a3Organizational.6-10.a"
  },
- {2 items
  - name: "hipaa-17120.10a3Organizational.5-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17120.10a3Organizational.5-10.a"
  },
- {2 items
  - name: "hipaa-17126.03c1System.6-03.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-17126.03c1System.6-03.c"
  },
- {2 items
  - name: "hipaa-1713.03c1Organizational.3-03.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1713.03c1Organizational.3-03.c"
  },
- {2 items
  - name: "hipaa-1733.03d1Organizational.1-03.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1733.03d1Organizational.1-03.d"
  },
- {2 items
  - name: "hipaa-1734.03d2Organizational.1-03.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1734.03d2Organizational.1-03.d"
  },
- {2 items
  - name: "hipaa-1735.03d2Organizational.23-03.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1735.03d2Organizational.23-03.d"
  },
- {2 items
  - name: "hipaa-1736.03d2Organizational.4-03.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1736.03d2Organizational.4-03.d"
  },
- {2 items
  - name: "hipaa-1737.03d2Organizational.5-03.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1737.03d2Organizational.5-03.d"
  },
- {2 items
  - name: "hipaa-1780.10a1Organizational.1-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1780.10a1Organizational.1-10.a"
  },
- {2 items
  - name: "hipaa-1781.10a1Organizational.23-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1781.10a1Organizational.23-10.a"
  },
- {2 items
  - name: "hipaa-1782.10a1Organizational.4-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1782.10a1Organizational.4-10.a"
  },
- {2 items
  - name: "hipaa-1783.10a1Organizational.56-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1783.10a1Organizational.56-10.a"
  },
- {2 items
  - name: "hipaa-1784.10a1Organizational.7-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1784.10a1Organizational.7-10.a"
  },
- {2 items
  - name: "hipaa-1785.10a1Organizational.8-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1785.10a1Organizational.8-10.a"
  },
- {2 items
  - name: "hipaa-1786.10a1Organizational.9-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1786.10a1Organizational.9-10.a"
  },
- {2 items
  - name: "hipaa-1787.10a2Organizational.1-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1787.10a2Organizational.1-10.a"
  },
- {2 items
  - name: "hipaa-1788.10a2Organizational.2-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1788.10a2Organizational.2-10.a"
  },
- {2 items
  - name: "hipaa-1789.10a2Organizational.3-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1789.10a2Organizational.3-10.a"
  },
- {2 items
  - name: "hipaa-1790.10a2Organizational.45-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1790.10a2Organizational.45-10.a"
  },
- {2 items
  - name: "hipaa-1791.10a2Organizational.6-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1791.10a2Organizational.6-10.a"
  },
- {2 items
  - name: "hipaa-1792.10a2Organizational.7814-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1792.10a2Organizational.7814-10.a"
  },
- {2 items
  - name: "hipaa-1793.10a2Organizational.91011-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1793.10a2Organizational.91011-10.a"
  },
- {2 items
  - name: "hipaa-1794.10a2Organizational.12-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1794.10a2Organizational.12-10.a"
  },
- {2 items
  - name: "hipaa-1795.10a2Organizational.13-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1795.10a2Organizational.13-10.a"
  },
- {2 items
  - name: "hipaa-1796.10a2Organizational.15-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1796.10a2Organizational.15-10.a"
  },
- {2 items
  - name: "hipaa-1797.10a3Organizational.1-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1797.10a3Organizational.1-10.a"
  },
- {2 items
  - name: "hipaa-1798.10a3Organizational.2-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1798.10a3Organizational.2-10.a"
  },
- {2 items
  - name: "hipaa-1799.10a3Organizational.34-10.a",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1799.10a3Organizational.34-10.a"
  },
- {2 items
  - name: "hipaa-1801.08b1Organizational.124-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1801.08b1Organizational.124-08.b"
  },
- {2 items
  - name: "hipaa-1802.08b1Organizational.3-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1802.08b1Organizational.3-08.b"
  },
- {2 items
  - name: "hipaa-1803.08b1Organizational.5-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1803.08b1Organizational.5-08.b"
  },
- {2 items
  - name: "hipaa-1804.08b2Organizational.12-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1804.08b2Organizational.12-08.b"
  },
- {2 items
  - name: "hipaa-1805.08b2Organizational.3-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1805.08b2Organizational.3-08.b"
  },
- {2 items
  - name: "hipaa-1806.08b2Organizational.4-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1806.08b2Organizational.4-08.b"
  },
- {2 items
  - name: "hipaa-1807.08b2Organizational.56-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1807.08b2Organizational.56-08.b"
  },
- {2 items
  - name: "hipaa-1808.08b2Organizational.7-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1808.08b2Organizational.7-08.b"
  },
- {2 items
  - name: "hipaa-1809.08b3Organizational.1-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1809.08b3Organizational.1-08.b"
  },
- {2 items
  - name: "hipaa-1810.08b3Organizational.2-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1810.08b3Organizational.2-08.b"
  },
- {2 items
  - name: "hipaa-18108.08j1Organizational.1-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18108.08j1Organizational.1-08.j"
  },
- {2 items
  - name: "hipaa-18109.08j1Organizational.4-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18109.08j1Organizational.4-08.j"
  },
- {2 items
  - name: "hipaa-1811.08b3Organizational.3-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1811.08b3Organizational.3-08.b"
  },
- {2 items
  - name: "hipaa-18110.08j1Organizational.5-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18110.08j1Organizational.5-08.j"
  },
- {2 items
  - name: "hipaa-18111.08j1Organizational.6-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18111.08j1Organizational.6-08.j"
  },
- {2 items
  - name: "hipaa-18112.08j3Organizational.4-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18112.08j3Organizational.4-08.j"
  },
- {2 items
  - name: "hipaa-1812.08b3Organizational.46-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1812.08b3Organizational.46-08.b"
  },
- {2 items
  - name: "hipaa-18127.08l1Organizational.3-08.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18127.08l1Organizational.3-08.l"
  },
- {2 items
  - name: "hipaa-1813.08b3Organizational.56-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1813.08b3Organizational.56-08.b"
  },
- {2 items
  - name: "hipaa-18130.09p1Organizational.24-09.p",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18130.09p1Organizational.24-09.p"
  },
- {2 items
  - name: "hipaa-18131.09p1Organizational.3-09.p",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18131.09p1Organizational.3-09.p"
  },
- {2 items
  - name: "hipaa-1814.08d1Organizational.12-08.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1814.08d1Organizational.12-08.d"
  },
- {2 items
  - name: "hipaa-18145.08b3Organizational.7-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18145.08b3Organizational.7-08.b"
  },
- {2 items
  - name: "hipaa-18146.08b3Organizational.8-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-18146.08b3Organizational.8-08.b"
  },
- {2 items
  - name: "hipaa-1815.08d2Organizational.123-08.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1815.08d2Organizational.123-08.d"
  },
- {2 items
  - name: "hipaa-1816.08d2Organizational.4-08.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1816.08d2Organizational.4-08.d"
  },
- {2 items
  - name: "hipaa-1817.08d3Organizational.12-08.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1817.08d3Organizational.12-08.d"
  },
- {2 items
  - name: "hipaa-1818.08d3Organizational.3-08.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1818.08d3Organizational.3-08.d"
  },
- {2 items
  - name: "hipaa-1819.08j1Organizational.23-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1819.08j1Organizational.23-08.j"
  },
- {2 items
  - name: "hipaa-1820.08j2Organizational.1-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1820.08j2Organizational.1-08.j"
  },
- {2 items
  - name: "hipaa-1821.08j2Organizational.3-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1821.08j2Organizational.3-08.j"
  },
- {2 items
  - name: "hipaa-1822.08j2Organizational.2-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1822.08j2Organizational.2-08.j"
  },
- {2 items
  - name: "hipaa-1823.08j3Organizational.12-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1823.08j3Organizational.12-08.j"
  },
- {2 items
  - name: "hipaa-1824.08j3Organizational.3-08.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1824.08j3Organizational.3-08.j"
  },
- {2 items
  - name: "hipaa-1825.08l1Organizational.12456-08.l",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1825.08l1Organizational.12456-08.l"
  },
- {2 items
  - name: "hipaa-1826.09p1Organizational.1-09.p",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1826.09p1Organizational.1-09.p"
  },
- {2 items
  - name: "hipaa-1827.09p2Organizational.1-09.p",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1827.09p2Organizational.1-09.p"
  },
- {2 items
  - name: "hipaa-1844.08b1Organizational.6-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1844.08b1Organizational.6-08.b"
  },
- {2 items
  - name: "hipaa-1845.08b1Organizational.7-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1845.08b1Organizational.7-08.b"
  },
- {2 items
  - name: "hipaa-1846.08b2Organizational.8-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1846.08b2Organizational.8-08.b"
  },
- {2 items
  - name: "hipaa-1847.08b2Organizational.910-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1847.08b2Organizational.910-08.b"
  },
- {2 items
  - name: "hipaa-1848.08b2Organizational.11-08.b",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1848.08b2Organizational.11-08.b"
  },
- {2 items
  - name: "hipaa-1862.08d1Organizational.3-08.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1862.08d1Organizational.3-08.d"
  },
- {2 items
  - name: "hipaa-1862.08d3Organizational.3",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1862.08d3Organizational.3"
  },
- {2 items
  - name: "hipaa-1863.08d1Organizational.4-08.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1863.08d1Organizational.4-08.d"
  },
- {2 items
  - name: "hipaa-1892.01l1Organizational.1",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1892.01l1Organizational.1"
  },
- {2 items
  - name: "hipaa-1901.06d1Organizational.1-06.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1901.06d1Organizational.1-06.d"
  },
- {2 items
  - name: "hipaa-1902.06d1Organizational.2-06.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1902.06d1Organizational.2-06.d"
  },
- {2 items
  - name: "hipaa-1903.06d1Organizational.3456711-06.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1903.06d1Organizational.3456711-06.d"
  },
- {2 items
  - name: "hipaa-1904.06.d2Organizational.1-06.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1904.06.d2Organizational.1-06.d"
  },
- {2 items
  - name: "hipaa-1906.06.c1Organizational.2-06.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1906.06.c1Organizational.2-06.c"
  },
- {2 items
  - name: "hipaa-1907.06.c1Organizational.3-06.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1907.06.c1Organizational.3-06.c"
  },
- {2 items
  - name: "hipaa-1908.06.c1Organizational.4-06.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1908.06.c1Organizational.4-06.c"
  },
- {2 items
  - name: "hipaa-1911.06d1Organizational.13-06.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-1911.06d1Organizational.13-06.d"
  },
- {2 items
  - name: "hipaa-19134.05j1Organizational.5-05.j",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19134.05j1Organizational.5-05.j"
  },
- {2 items
  - name: "hipaa-19141.06c1Organizational.7-06.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19141.06c1Organizational.7-06.c"
  },
- {2 items
  - name: "hipaa-19142.06c1Organizational.8-06.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19142.06c1Organizational.8-06.c"
  },
- {2 items
  - name: "hipaa-19143.06c1Organizational.9-06.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19143.06c1Organizational.9-06.c"
  },
- {2 items
  - name: "hipaa-19144.06c2Organizational.1-06.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19144.06c2Organizational.1-06.c"
  },
- {2 items
  - name: "hipaa-19145.06c2Organizational.2-06.c",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19145.06c2Organizational.2-06.c"
  },
- {2 items
  - name: "hipaa-19242.06d1Organizational.14-06.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19242.06d1Organizational.14-06.d"
  },
- {2 items
  - name: "hipaa-19243.06d1Organizational.15-06.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19243.06d1Organizational.15-06.d"
  },
- {2 items
  - name: "hipaa-19245.06d2Organizational.2-06.d",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/hipaa-19245.06d2Organizational.2-06.d"
  }
],
versions: [9 items
- "14.10.0",
- "14.9.0",
- "14.8.0",
- "14.7.0",
- "14.6.0",
- "14.5.0",
- "14.4.0",
- "14.3.0",
- "14.2.0"
]

}