|
1 | 1 | --- |
2 | | -title: Regulatory compliance standards in Microsoft Defender for Cloud |
3 | | -description: Learn about regulatory compliance standards in Microsoft Defender for Cloud |
4 | | -ms.topic: conceptual |
5 | | -ms.date: 11/27/2023 |
| 2 | +title: Regulatory compliance in Defender for Cloud |
| 3 | +description: Learn about regulatory compliance standards and certification in Microsoft Defender for Cloud |
| 4 | +author: dcurwin |
| 5 | +ms.author: dacurwin |
| 6 | +ms.topic: concept-article |
| 7 | +ms.date: 03/26/2024 |
| 8 | +#customer intent: As a cloud security professional, I want to understand how Defender for Cloud helps me meet regulatory compliance standards, so that I can ensure my organization is compliant with industry standards and regulations. |
6 | 9 | --- |
7 | 10 |
|
8 | | -# Regulatory compliance standards |
| 11 | +# Regulatory compliance standards in Microsoft Defender for Cloud |
9 | 12 |
|
10 | 13 | Microsoft Defender for Cloud streamlines the regulatory compliance process by helping you to identify issues that are preventing you from meeting a particular compliance standard, or achieving compliance certification. |
11 | 14 |
|
@@ -61,7 +64,53 @@ By default, when you enable Defender for Cloud, the following standards are enab |
61 | 64 | - For **AWS**: [Microsoft Cloud Security Benchmark (MCSB)](concept-regulatory-compliance.md) and [AWS Foundational Security Best Practices standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html). |
62 | 65 | - For **GCP**: [Microsoft Cloud Security Benchmark (MCSB)](concept-regulatory-compliance.md) and **GCP Default**. |
63 | 66 |
|
64 | | -## Next steps |
65 | | - |
66 | | -- [Assign regulatory compliance standards](update-regulatory-compliance-packages.md) |
67 | | -- [Improve regulatory compliance](regulatory-compliance-dashboard.md) |
| 67 | +## Available regulatory standards |
| 68 | + |
| 69 | +The following regulatory standards are available in Defender for Cloud: |
| 70 | + |
| 71 | +| Standards for Azure subscriptions | Standards for AWS accounts | Standards for GCP projects | |
| 72 | +|--|--|--| |
| 73 | +| PCI DSS v4 | CIS AWS Foundations | CIS GCP Foundations | |
| 74 | +| SOC 2 Type 2 | CIS AWS Foundations | PCI DSS | |
| 75 | +| ISO 27001:2013 | PCI DSS | NIST 800-53 | |
| 76 | +| CIS Azure Foundations | AWS Foundational Security Best Practices | ISO 27001 | |
| 77 | +| NIST SP 800-53 R4 | AWS Well-Architected Framework | Brazilian General Personal Data Protection Law (LGPD) | |
| 78 | +| NIST SP 800-53 R5 | Brazilian General Personal Data Protection Law (LGPD) | California Consumer Privacy Act (CCPA) | |
| 79 | +| NIST SP 800 171 R2 | California Consumer Privacy Act (CCPA) | CIS Controls | |
| 80 | +| CMMC Level 3 | CRI Profile | CIS Google Cloud Platform Foundation Benchmark | |
| 81 | +| FedRAMP H | CSA Cloud Controls Matrix (CCM) | CIS Google Kubernetes Engine (GKE) Benchmark | |
| 82 | +| FedRAMP M | GDPR | CIS Google Kubernetes Engine (GKE) Benchmark | |
| 83 | +| HIPAA/HITRUST | ISO/IEC 27001 | CRI Profile | |
| 84 | +| SWIFT CSP CSCF | ISO/IEC 27002 | CSA Cloud Controls Matrix (CCM) | |
| 85 | +| SWIFT CSP CSCF | NIST Cybersecurity Framework (CSF) | Cybersecurity Maturity Model Certification (CMMC) | |
| 86 | +| UK OFFICIAL and UK NHS | NIST SP 800-172 | FFIEC Cybersecurity Assessment Tool (CAT) | |
| 87 | +| Canada Federal PBMM | PCI-DSS | GDPR | |
| 88 | +| New Zealand ISM Restricted | | ISO/IEC 27001 | |
| 89 | +| New Zealand ISM Restricted | | ISO/IEC 27002 | |
| 90 | +| Australian Government ISM Protected | | ISO/IEC 27017 | |
| 91 | +| RMIT Malaysia | | NIST Cybersecurity Framework (CSF) | |
| 92 | +| Brazilian General Personal Data Protection Law (LGPD) | | NIST SP 800-171 | |
| 93 | +| California Consumer Privacy Act (CCPA) | | NIST SP 800-172 | |
| 94 | +| CIS Controls | | PCI-DSS | |
| 95 | +| CIS Google Cloud Platform Foundation Benchmark | | Sarbanes Oxley Act (SOX)| |
| 96 | +| CIS Google Kubernetes Engine (GKE) Benchmark | | SOC 2 | |
| 97 | +| CIS Google Kubernetes Engine (GKE) Benchmark | | | |
| 98 | +| CRI Profile | | | |
| 99 | +| CSA Cloud Controls Matrix (CCM) | | | |
| 100 | +| Cybersecurity Maturity Model Certification (CMMC) | | | |
| 101 | +| FFIEC Cybersecurity Assessment Tool (CAT) | | | |
| 102 | +| GDPR | | | |
| 103 | +| ISO/IEC 27001 | | | |
| 104 | +| ISO/IEC 27002 | | | |
| 105 | +| ISO/IEC 27017 | | | |
| 106 | +| NIST Cybersecurity Framework (CSF) | | | |
| 107 | +| NIST SP 800-171 | | | |
| 108 | +| NIST SP 800-172 | | | |
| 109 | +| PCI-DSS | | | |
| 110 | +| Sarbanes Oxley Act (SOX) | | | |
| 111 | +| SOC 2 | | | |
| 112 | + |
| 113 | +## Next step |
| 114 | + |
| 115 | +> [!div class="nextstepaction"] |
| 116 | +> [Assign regulatory compliance standards](update-regulatory-compliance-packages.md) |
0 commit comments