Regulatory compliance using Defender for Cloud
The regulatory compliance dashboard in Microsoft Defender for Cloud shows your selected compliance standards with all their requirements, where supported requirements are mapped to applicable security assessments. The status of these assessments reflects your compliance with the standard.
- The regulatory compliance dashboard shows the status of all the assessments within your environment for your chosen standards and regulations. As you act on the recommendations and reduce risk factors in your environment, your compliance posture improves.
- Using the information in the regulatory compliance dashboard, you can improve your compliance posture by resolving recommendations directly within the dashboard.
- You can select any of the failing assessments that appear in the dashboard to view the details for that recommendation. Each recommendation includes a set of remediation steps to resolve the issue.
Add a standard to your Azure resources
To add standards to your dashboard, two prerequisites apply:
- The subscription must have Defender for Cloud’s enhanced security features enabled
- The user must have owner or policy contributor permissions
Then:
1. Open Defender for Cloud, then browse to Regulatory Compliance and select Manage Policies.
2. Select the Subscription.
3. Browse to Policies and add Standards.
4. Add the required ones.
5. Review and Create.
6. To assign the initiative, hit Assign and apply it at the Subscription or RG level.
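The portal steps above assign a built-in Azure Policy initiative to a scope. The following script is an added example, not code from the Microsoft documentation page, showing the same assignment from Az PowerShell so it can be repeated across subscriptions. It assumes the Az.Resources and Az.PolicyInsights modules are installed, Connect-AzAccount has been run, and the caller holds Owner or policy contributor rights at the target scope; the initiative display name is a placeholder you replace with the exact display name shown under "Add standards".

```powershell
#Requires -Modules Az.Resources, Az.PolicyInsights
# Added example (not from the documentation page): assign a built-in regulatory
# compliance initiative at subscription or resource group scope, then read back
# the resources that fail it. Assumes an authenticated Az session.
param(
    # Placeholder: the display name of the built-in initiative, e.g. as listed
    # under "Add standards" in the portal. Replace before running.
    [string]$StandardDisplayName = '<INITIATIVE-DISPLAY-NAME>',
    # Optional resource group; omit to assign at the subscription level.
    [string]$ResourceGroupName
)

$subscriptionId = (Get-AzContext).Subscription.Id
$scope = "/subscriptions/$subscriptionId"
if ($ResourceGroupName) { $scope += "/resourceGroups/$ResourceGroupName" }

# Built-in initiatives are looked up by display name. Older Az.Resources versions
# expose it under .Properties, newer ones flatten it to .DisplayName (assumption:
# one of the two is present).
$initiative = Get-AzPolicySetDefinition -Builtin | Where-Object {
    $_.DisplayName -eq $StandardDisplayName -or
    $_.Properties.DisplayName -eq $StandardDisplayName
}
if (-not $initiative) {
    throw "No built-in initiative named '$StandardDisplayName'. List candidates with: Get-AzPolicySetDefinition -Builtin"
}
if (@($initiative).Count -gt 1) {
    throw "Display name '$StandardDisplayName' matches more than one initiative; use a more specific name."
}

# Derive a short, deterministic assignment name so re-running the script updates
# the same assignment instead of creating duplicates.
$sanitized = $StandardDisplayName -replace '[^A-Za-z0-9]', ''
$assignmentName = ('rc-' + $sanitized).Substring(0, [Math]::Min(24, 3 + $sanitized.Length))

$assignment = New-AzPolicyAssignment -Name $assignmentName `
    -DisplayName "Regulatory compliance: $StandardDisplayName" `
    -Scope $scope `
    -PolicySetDefinition $initiative
Write-Host "Assigned '$StandardDisplayName' at $scope as $($assignment.Name)"

# Policy evaluation is asynchronous: a fresh assignment reports nothing until the
# next compliance scan completes. Once results exist, these are the resources
# behind the failing assessments in the regulatory compliance dashboard.
$failing = Get-AzPolicyState -SubscriptionId $subscriptionId `
    -Filter "PolicyAssignmentName eq '$($assignment.Name)' and ComplianceState eq 'NonCompliant'"
$failing |
    Select-Object ResourceId, PolicyDefinitionName |
    Sort-Object ResourceId, PolicyDefinitionName -Unique
```

Run it once per subscription (or pass -ResourceGroupName to scope it to a single resource group, as step 6 allows); rerunning with the same display name updates the existing assignment rather than adding a second copy of the standard.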
What regulatory compliance standards are available in Defender for Cloud?
By default, every Azure subscription has the Azure Security Benchmark assigned.
Available regulatory standards:
- PCI-DSS v3.2.1:2018
- SOC TSP
- NIST SP 800-53 R4
- NIST SP 800 171 R2
- UK OFFICIAL and UK NHS
- Canada Federal PBMM
- Azure CIS 1.1.0
- SWIFT CSP CSCF v2020
- ISO 27001:2013
- New Zealand ISM Restricted
- CMMC Level 3
- Azure CIS 1.3.0
- NIST SP 800-53 R5
- FedRAMP H
- FedRAMP M
Available AWS regulatory standards:
- AWS CIS 1.2.0
- AWS PCI DSS 3.2.1
Available GCP regulatory standards:
- GCP CIS 1.1.0
- GCP CIS 1.2.0
- GCP ISO 27001
- GCP NIST 800 53
- PCI DSS 3.2.1
Q: What is regulatory compliance using Defender for Cloud?
A: Regulatory compliance using Defender for Cloud is a process of adhering to regulatory standards using Microsoft Defender for Cloud, a cloud-based platform that provides insights into your compliance posture and security policies.
Q: What is Microsoft Defender for Cloud?
A: Microsoft Defender for Cloud is a cloud-based platform that provides insights into security posture management, compliance status, and industry standards, helping organizations meet specific compliance requirements and add more standards to their security and compliance management.
Q: What is a regulatory standard?
A: A regulatory standard is a set of rules and regulations that organizations must follow to comply with legal requirements, industry standards, and government regulations such as GDPR, HIPAA, and others.
Q: What is Azure Policy?
A: Azure Policy is a service on Microsoft Azure that helps organizations create and enforce policies to control and manage cloud resources, ensuring that all resources deployed meet regulatory compliance and security requirements.
Q: How can Defender for Cloud help with regulatory compliance standards?
A: Defender for Cloud provides insights into your compliance posture based on specific compliance standards, such as NIST, SOC2, ISO 27001, and more. It also helps organizations deploy and manage compliance policies using Azure Policy initiatives and Compliance Manager.
Q: What is Compliance Manager?
A: Compliance Manager is an application within Microsoft 365 that enables organizations to assess and manage their compliance with Microsoft services such as Defender for Cloud. It helps organizations add regulatory compliance standards, see the compliance status of their cloud workload, and identify areas that need attention to meet specific compliance requirements.
Q: What is Microsoft Purview Compliance Manager?
A: Microsoft Purview Compliance Manager is a new cloud-based capability that provides a unified view of compliance across all Microsoft services, including Defender for Cloud. It helps organizations understand their compliance posture and provides recommendations on how to better manage compliance requirements.
Q: Can Defender for Cloud provide insights into compliance posture for specific compliance requirements?
A: Yes, Defender for Cloud provides insights into compliance posture based on specific compliance requirements such as GDPR, HIPAA, and more using Azure Policy and Compliance Manager.
Q: How can Microsoft Sentinel help with regulatory compliance using Defender for Cloud?
A: Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) solution that provides real-time threat detection and helps organizations meet compliance requirements. It can integrate with Defender for Cloud to provide real-time alerts and insights into regulatory compliance.
Q: How to add a regulatory compliance standard in Defender for Cloud?
A: To add a regulatory compliance standard in Defender for Cloud, organizations can use an Azure Policy initiative and Compliance Manager, which provides a comprehensive library of industry standards and regulatory requirements. Organizations can choose a compliance standard and deploy it to their cloud workload to meet compliance requirements.