Merge pull request #270210 from ElazarK/WI236546-compliance-standards

PMEds28 · web-flow · commit 14026f277ecb · 2024-04-03T10:21:57.000+01:00
added standards table
diff --git a/articles/defender-for-cloud/concept-regulatory-compliance-standards.md b/articles/defender-for-cloud/concept-regulatory-compliance-standards.md
@@ -1,11 +1,14 @@
 ---
-title: Regulatory compliance standards in Microsoft Defender for Cloud
-description: Learn about regulatory compliance standards in Microsoft Defender for Cloud
-ms.topic: conceptual
-ms.date: 11/27/2023
+title: Regulatory compliance in Defender for Cloud
+description: Learn about regulatory compliance standards and certification in Microsoft Defender for Cloud, and how it helps ensure compliance with industry regulations.
+author: dcurwin
+ms.author: dacurwin
+ms.topic: concept-article
+ms.date: 03/31/2024
+#customer intent: As a cloud security professional, I want to understand how Defender for Cloud helps me meet regulatory compliance standards, so that I can ensure my organization is compliant with industry standards and regulations.
 ---
 
-# Regulatory compliance standards
+# Regulatory compliance standards in Microsoft Defender for Cloud
 
 Microsoft Defender for Cloud streamlines the regulatory compliance process by helping you to identify issues that are preventing you from meeting a particular compliance standard, or achieving compliance certification.
 
@@ -61,7 +64,34 @@ By default, when you enable Defender for Cloud, the following standards are enab
 - For **AWS**: [Microsoft Cloud Security Benchmark (MCSB)](concept-regulatory-compliance.md) and [AWS Foundational Security Best Practices standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html).
 - For **GCP**: [Microsoft Cloud Security Benchmark (MCSB)](concept-regulatory-compliance.md) and **GCP Default**.
 
-## Next steps
+## Available regulatory standards
+
+The following regulatory standards are available in Defender for Cloud:
+
+| Standards for Azure subscriptions | Standards for AWS accounts | Standards for GCP projects |
+|--|--|--|
+| Australian Government ISM Protected | AWS Foundational Security Best Practices | Brazilian General Personal Data Protection Law (LGPD)|
+| Canada Federal PBMM | AWS Well-Architected Framework | California Consumer Privacy Act (CCPA)|
+| CIS Azure Foundations | Brazilian General Personal Data Protection Law (LGPD) | CIS Controls|
+| CMMC | California Consumer Privacy Act (CCPA) | CIS GCP Foundations|
+| FedRAMP ‘H’ & ‘M’ | CIS AWS Foundations | CIS Google Cloud Platform Foundation Benchmark|
+| HIPAA/HITRUST | CRI Profile | CIS Google Kubernetes Engine (GKE) Benchmark|
+| ISO/IEC 27001 | CSA Cloud Controls Matrix (CCM) | CRI Profile|
+| New Zealand ISM Restricted | GDPR | CSA Cloud Controls Matrix (CCM)|
+| NIST SP 800-171 | ISO/IEC 27001 | Cybersecurity Maturity Model Certification (CMMC)|
+| NIST SP 800-53 | ISO/IEC 27002 | FFIEC Cybersecurity Assessment Tool (CAT)|
+| PCI DSS | NIST Cybersecurity Framework (CSF) | GDPR|
+| RMIT Malaysia | NIST SP 800-172 | ISO/IEC 27001|
+| SOC 2 | PCI DSS | ISO/IEC 27002|
+| SWIFT CSP CSCF | | ISO/IEC 27017|
+| UK OFFICIAL and UK NHS | | NIST Cybersecurity Framework (CSF)|
+| | | NIST SP 800-53 |
+| | | NIST SP 800-171|
+| | | NIST SP 800-172|
+| | | PCI DSS|
+| | | Sarbanes Oxley Act (SOX)|
+| | | SOC 2|
+
+## Related content
 
 - [Assign regulatory compliance standards](update-regulatory-compliance-packages.md)
-- [Improve regulatory compliance](regulatory-compliance-dashboard.md)
diff --git a/articles/defender-for-cloud/release-notes.md b/articles/defender-for-cloud/release-notes.md
@@ -220,31 +220,9 @@ Learn more about [automated remediation scripts](implement-security-recommendati
 
 March 6, 2024
 
-Based on customer feedback, we've added the following compliance standards in preview to our compliance dashboard. As shown, these are for reviewing the compliance status of AWS and GCP resources protected by Defender for Cloud.
-
-| Compliance standard                                   | Version    | AWS                             | GCP                             |
-| ----------------------------------------------------- | ---------- | ------------------------------- | ------------------------------- |
-| AWS Well-Architected Framework                        | N/A        | :white_check_mark:              | :x:                             |
-| Brazilian General Personal Data Protection Law (LGPD) | 53/2018    | :white_check_mark:              | :white_check_mark:              |
-| California Consumer Privacy Act (CCPA)                | 2018       | :white_check_mark:              | :white_check_mark:              |
-| CIS Controls                                          | v8         | :x:                             | :white_check_mark:              |
-| CIS Google Cloud Platform Foundation Benchmark        | v2.0.0     | :x:                             | :white_check_mark:              |
-| CIS Google Kubernetes Engine (GKE) Benchmark          | v1.5.0     | :x:                             | :white_check_mark:              |
-| CPS 234 (APRA)                                        | 2019       | :x:                             | :white_check_mark:              |
-| CRI Profile                                           | v1.2.1     | :white_check_mark:              | :white_check_mark:              |
-| CSA Cloud Controls Matrix (CCM)                       | v4.0.10    | :white_check_mark:              | :white_check_mark:              |
-| Cybersecurity Maturity Model Certification (CMMC)     | v2.0       | :x:                             | :white_check_mark:              |
-| FFIEC Cybersecurity Assessment Tool (CAT)             | 2017       | :x:                             | :white_check_mark:              |
-| GDPR                                                  | 2016/679   | :white_check_mark:              | :white_check_mark:              |
-| ISO/IEC 27001                                         | 27001:2022 | :white_check_mark:              | :white_check_mark: **(Update)** |
-| ISO/IEC 27002                                         | 27002:2022 | :white_check_mark:              | :white_check_mark:              |
-| ISO/IEC 27017                                         | 27017:2015 | :x:                             | :white_check_mark:              |
-| NIST Cybersecurity Framework (CSF)                    | v1.1       | :white_check_mark:              | :white_check_mark:              |
-| NIST SP 800-171                                       | Revision 2 | :x:                             | :white_check_mark:              |
-| NIST SP 800-172                                       | 2021       | :white_check_mark:              | :white_check_mark:              |
-| PCI-DSS                                               | v4.0.0     | :white_check_mark: **(Update)** | :white_check_mark: **(Update)** |
-| Sarbanes Oxley Act (SOX)                              | 2002       | :x:                             | :white_check_mark:              |
-| SOC 2                                                 | 2017       | :x:                             | :white_check_mark:              |
+Based on customer feedback, we've added compliance standards in preview to Defender for Cloud.
+
+Check out the [full list of supported compliance standards](concept-regulatory-compliance-standards.md#available-regulatory-standards)
 
 We are continuously working on adding and updating new standards for Azure, AWS, and GCP environments.
 
