Last Updated on September 11, 2024 by Arnav Sharma
The regulatory compliance dashboard in Microsoft Defender for Cloud shows your selected compliance standards with all their requirements, where supported requirements are mapped to applicable security assessments. The status of these assessments reflects your compliance with the standard.
- The regulatory compliance dashboard shows the status of all the assessments within your environment for your chosen standards and regulations. As you act on the recommendations and reduce risk factors in your environment, your compliance posture improves.
- Using the information in the regulatory compliance dashboard, you can improve your compliance posture by resolving recommendations directly within the dashboard.
- From there, you can select any of the failing assessments that appear in the dashboard to view the details for that recommendation. Each recommendation includes a set of remediation steps to resolve the issue.
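The per-standard state that the dashboard displays can also be exported as JSON and triaged offline. The following is an added example, not part of the original post. It assumes records shaped like the output of `az security regulatory-compliance-standards list` (fields `state`, `passedControls`, `failedControls`, `skippedControls`, `unsupportedControls`); the sample data and the 80% target are constructed for illustration.

```python
import json

# Constructed sample in the assumed shape of
# `az security regulatory-compliance-standards list` output.
# Standard names and counts are illustrative only.
SAMPLE = json.loads("""[
  {"name": "Azure-CIS-1.3.0", "state": "Failed", "passedControls": 60,
   "failedControls": 20, "skippedControls": 5, "unsupportedControls": 15},
  {"name": "PCI-DSS-3.2.1", "state": "Failed", "passedControls": 30,
   "failedControls": 30, "skippedControls": 0, "unsupportedControls": 40},
  {"name": "ISO-27001", "state": "Passed", "passedControls": 12,
   "failedControls": 0, "skippedControls": 0, "unsupportedControls": 8},
  {"name": "SOC-TSP", "state": "Unsupported", "passedControls": 0,
   "failedControls": 0, "skippedControls": 0, "unsupportedControls": 10}
]""")


def summarize(standards):
    """Return one row per standard, worst compliance posture first."""
    rows = []
    for s in standards:
        passed = int(s.get("passedControls", 0))
        failed = int(s.get("failedControls", 0))
        no_verdict = int(s.get("skippedControls", 0)) + int(s.get("unsupportedControls", 0))
        assessed = passed + failed  # only these controls carry a verdict
        total = assessed + no_verdict
        rows.append({
            "name": s["name"],
            "state": s.get("state", "Unknown"),
            "failed": failed,
            # None (not 100%) when nothing was assessed: no evidence is not a pass.
            "pass_rate": round(100 * passed / assessed, 1) if assessed else None,
            # Share of the standard's controls that automated assessments cover.
            "coverage": round(100 * assessed / total, 1) if total else 0.0,
        })
    # Lowest pass rate first; standards with no assessed controls sort last.
    rows.sort(key=lambda r: (r["pass_rate"] is None, r["pass_rate"] or 0.0, -r["failed"]))
    return rows


def needs_attention(rows, min_pass_rate=80.0):
    """Names of standards below the target or with no assessed controls."""
    return [r["name"] for r in rows
            if r["pass_rate"] is None or r["pass_rate"] < min_pass_rate]


if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(f'{r["name"]:<16} {r["state"]:<12} pass={r["pass_rate"]} coverage={r["coverage"]}%')
```

The `coverage` column matters when reading a "Passed" state: only supported requirements are mapped to assessments, so a standard can pass on its assessed controls while a large share of its requirements still need manual evidence.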
Add a standard to your Azure resources
To add standards to your dashboard, the following requirements must be met:
- The subscription must have Defender for Cloud’s enhanced security features enabled
- The user must have owner or policy contributor permissions
Then follow these steps:
1. Open Defender for Cloud, then browse to Regulatory Compliance and Manage Policies.
2. Select the subscription.
3. Browse to Policies and add standards.
4. Add the required standards.
5. Review and create.
6. To assign the initiative, select Assign and apply it at the subscription or resource group (RG) level.
What regulatory compliance standards are available in Defender for Cloud?
By default, every Azure subscription has the Azure Security Benchmark assigned.
Available regulatory standards:
- PCI-DSS v3.2.1:2018
- SOC TSP
- NIST SP 800-53 R4
- NIST SP 800 171 R2
- UK OFFICIAL and UK NHS
- Canada Federal PBMM
- Azure CIS 1.1.0
- HIPAA/HITRUST
- SWIFT CSP CSCF v2020
- ISO 27001:2013
- New Zealand ISM Restricted
- CMMC Level 3
- Azure CIS 1.3.0
- NIST SP 800-53 R5
- FedRAMP H
- FedRAMP M
Available AWS regulatory standards:
- AWS CIS 1.2.0
- AWS PCI DSS 3.2.1
GCP compliance frameworks:
Available GCP regulatory standards:
- GCP CIS 1.1.0
- GCP CIS 1.2.0
- GCP ISO 27001
- GCP NIST 800 53
- PCI DSS 3.2.1
FAQ:
Q: What is Microsoft Defender for Cloud, and how does it support cloud security?
Microsoft Defender for Cloud provides cloud security by helping organizations assess, secure, and manage compliance across their cloud resources. It helps ensure that your cloud environment aligns with industry standards like the Microsoft Cloud Security Benchmark (MCSB) and other security benchmarks.
Q: How can Defender for Cloud help remediate security issues?
Defender for Cloud enables users to remediate security vulnerabilities by providing security recommendations based on continuous assessment of cloud resources. Automation and workflow features assist in resolving issues swiftly, ensuring compliance with specific recommendations.
Q: What additional resources are available for improving security posture and compliance?
Users can access additional resources like Microsoft Learn, GitHub, and Azure Policy to improve their security posture and manage compliance. Microsoft Purview Compliance Manager also aids in managing and auditing compliance requirements.
Q: How does Microsoft Defender for Cloud track compliance status?
Defender for Cloud tracks the compliance status of cloud resources through its compliance controls, enabling organizations to monitor their compliance assessment. It provides a high-level summary of compliance, such as current compliance status and resource compliance status, ensuring the organization meets required regulatory compliance.
Q: What security benchmarks does Defender for Cloud use?
Defender for Cloud uses the Microsoft Cloud Security Benchmark (MCSB) as a core framework for evaluating cloud security. This security benchmark is based on best practices and industry standards, and it provides specific compliance recommendations to ensure security.
Q: What can a dashboard help monitor in a cloud environment?
A dashboard helps monitor various metrics and activities within a cloud environment, such as resource usage, compliance, and security status.
Q: What role do compliance controls play in cloud security?
Compliance controls ensure that cloud resources adhere to regulatory and organizational standards, providing a framework for maintaining security and governance.
Q: What does the Microsoft Cloud Security Benchmark focus on?
The Microsoft Cloud Security Benchmark focuses on best practices and security standards for protecting cloud resources, enhancing security posture, and mitigating risks.
Q: What does Microsoft Purview Compliance Manager provide?
Microsoft Purview Compliance Manager offers tools to help organizations assess their compliance posture, implement necessary controls, and streamline compliance workflows.
Q: How can GitHub integrate with cloud environments?
GitHub integrates with cloud environments by providing a platform for version control, automation, and continuous integration/continuous deployment (CI/CD) workflows.
Q: What does Microsoft Defender for Cloud provide?
Microsoft Defender for Cloud provides comprehensive security management for cloud resources, offering threat protection, vulnerability management, and compliance assessment.
Q: How can automation improve cloud security?
Automation can enhance cloud security by implementing workflows that automatically assess, monitor, and respond to potential security threats or compliance issues.
Q: How is Microsoft 365 used in cloud environments?
Microsoft 365 integrates with cloud environments, providing tools for productivity, collaboration, and security management across cloud-based applications.
Q: Why is it important to assess cloud environments regularly?
Regular assessment of cloud environments is crucial for identifying vulnerabilities, ensuring compliance, and optimizing security practices in dynamic and evolving cloud infrastructures.
Q: How can workflows improve compliance in the cloud?
Workflows streamline the process of implementing compliance controls, automating tasks like risk assessments, documentation, and control monitoring to maintain consistent compliance.
Q: What is the potential of generative AI in cloud environments?
Generative AI in cloud environments can optimize workflows, automate tasks, and enhance innovation by generating solutions for security, compliance, and resource management.