
Regulatory compliance using Defender for Cloud


The regulatory compliance dashboard in Microsoft Defender for Cloud shows your selected compliance standards with all their requirements, where supported requirements are mapped to applicable security assessments. The status of these assessments reflects your compliance with the standard.

  • The regulatory compliance dashboard shows the status of all the assessments within your environment for your chosen standards and regulations. As you act on the recommendations and reduce risk factors in your environment, your compliance posture improves.
  • Using the information in the regulatory compliance dashboard, you can improve your compliance posture by resolving recommendations directly within the dashboard.
  • You can select any of the failing assessments that appear in the dashboard to view the details for that recommendation. Each recommendation includes a set of remediation steps to resolve the issue.
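
The dashboard's per-standard status can also be summarized offline from exported data. The following is an added example, not code from the original post: it assumes JSON in the shape returned by `az security regulatory-compliance-standards list`, and the sample records, function names and thresholds are constructed for illustration. It separates the pass rate over assessed controls from assessment coverage, so a standard whose controls are mostly unsupported is not read as fully compliant.

```python
import json

# Constructed sample in the shape of `az security regulatory-compliance-standards list`
# output; the standard names and counts are made up for this example.
SAMPLE = json.loads("""
[
  {"name": "Azure-CIS-1.3.0", "state": "Failed",
   "passedControls": 60, "failedControls": 20,
   "skippedControls": 5, "unsupportedControls": 15},
  {"name": "PCI-DSS-3.2.1", "state": "Passed",
   "passedControls": 40, "failedControls": 0,
   "skippedControls": 2, "unsupportedControls": 30},
  {"name": "ISO-27001", "state": "Unsupported",
   "passedControls": 0, "failedControls": 0,
   "skippedControls": 0, "unsupportedControls": 12}
]
""")


def summarize(standards):
    """Return one row per standard, least compliant (or unassessed) first."""
    rows = []
    for s in standards:
        passed = s.get("passedControls", 0)
        failed = s.get("failedControls", 0)
        # Only passed/failed controls have an assessment behind them.
        assessed = passed + failed
        total = assessed + s.get("skippedControls", 0) + s.get("unsupportedControls", 0)
        rows.append({
            "standard": s["name"],
            "state": s.get("state", "Unknown"),
            "assessed": assessed,
            # None means "nothing was assessed", which is not the same as 100%.
            "pass_pct": round(100 * passed / assessed, 1) if assessed else None,
            "coverage_pct": round(100 * assessed / total, 1) if total else None,
        })
    rows.sort(key=lambda r: (r["pass_pct"] is not None, r["pass_pct"] or 0))
    return rows


def needs_attention(rows, min_pass=100.0, min_coverage=50.0):
    """Names of standards that fail a control or are too thinly assessed.
    Both thresholds are assumptions; set them to your own policy."""
    return [r["standard"] for r in rows
            if r["pass_pct"] is None
            or r["pass_pct"] < min_pass
            or (r["coverage_pct"] or 0) < min_coverage]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
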

Add a standard to your Azure resources

To add standards to your dashboard, these prerequisites must be met:

  • The subscription must have Defender for Cloud’s enhanced security features enabled.
  • The user must have owner or policy contributor permissions.

Then follow these steps:

  1. Open Defender for Cloud and then browse to Regulatory Compliance and Manage Policies.
  2. Select the subscription.
  3. Browse to Policies and add standards.
  4. Add the required standards.
  5. Review and create.
  6. To assign the initiative, select Assign and apply it at the subscription or resource group (RG) level.

What regulatory compliance standards are available in Defender for Cloud?

By default, every Azure subscription has the Azure Security Benchmark assigned.

Available regulatory standards:

  • PCI-DSS v3.2.1:2018
  • SOC TSP
  • NIST SP 800-53 R4
  • NIST SP 800 171 R2
  • UK OFFICIAL and UK NHS
  • Canada Federal PBMM
  • Azure CIS 1.1.0
  • HIPAA/HITRUST
  • SWIFT CSP CSCF v2020
  • ISO 27001:2013
  • New Zealand ISM Restricted
  • CMMC Level 3
  • Azure CIS 1.3.0
  • NIST SP 800-53 R5
  • FedRAMP H
  • FedRAMP M

Available AWS regulatory standards:

  • AWS CIS 1.2.0
  • AWS PCI DSS 3.2.1

GCP compliance frameworks:

Available GCP regulatory standards:

  • GCP CIS 1.1.0
  • GCP CIS 1.2.0
  • GCP ISO 27001
  • GCP NIST 800 53
  • PCI DSS 3.2.1
