You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/security-center/update-regulatory-compliance-packages.md
+20-9Lines changed: 20 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,11 +19,11 @@ ms.author: memildin
19
19
20
20
Azure Security Center continually compares the configuration of your resources with requirements in industry standards, regulations, and benchmarks. The **regulatory compliance dashboard** provides insights into your compliance posture based on how you're meeting specific compliance controls and requirements.
21
21
22
-
One standard for which you can track your compliance posture is [Azure CIS 1.1.0](https://www.cisecurity.org/benchmark/azure/) (more formally, the "CIS Microsoft Azure Foundations Benchmark version 1.1.0").
22
+
With the **dynamic compliance packages** feature, Security Center *automatically improves its coverage of industry standards over time*.
23
23
24
-
The representation of Azure CIS that initially appears in your compliance dashboard relies on a static set of rules that is included with Security Center.
24
+
One standard for which you can track your compliance posture is [Azure CIS 1.1.0](https://www.cisecurity.org/benchmark/azure/) (more formally, the "CIS Microsoft Azure Foundations Benchmark version 1.1.0"). The representation of Azure CIS that initially appears in your compliance dashboard relies on a static set of rules that is included with Security Center.
25
25
26
-
With the **dynamic compliance packages** feature, Security Center automatically improves its coverage of industry standards over time. Compliance packages are essentially initiatives defined in Azure Policy. They can be assigned to your selected scope (subscription, management group, and so on). To see compliance data mapped as assessments in your dashboard, add a compliance package to your management group or subscription from within the Security Policy. Adding a compliance package effectively assigns the regulatory compliance initiative to your selected scope. In this way, you can track newly published regulatory initiatives as compliance standards in your dashboard. When Microsoft releases new content for the initiative (new policies that map to more controls in the standard), the additional content appears automatically in your dashboard.
26
+
Compliance packages are essentially initiatives defined in Azure Policy. They can be assigned to your selected scope (subscription, management group, and so on). To see compliance data mapped as assessments in your dashboard, add a compliance package to your management group or subscription from within the Security Policy. Adding a compliance package effectively assigns the regulatory compliance initiative to your selected scope. In this way, you can track newly published regulatory initiatives as compliance standards in your dashboard. When Microsoft releases new content for the initiative (new policies that map to more controls in the standard), the additional content appears automatically in your dashboard.
27
27
28
28
The dynamic compliance package for the Azure CIS benchmark, **Azure CIS 1.1.0 (new)**, improves on the original *static* version by:
29
29
@@ -38,22 +38,33 @@ The following steps explain how to add the dynamic package for monitoring your c
38
38
39
39
### Update to the Azure CIS 1.1.0 (new) dynamic compliance package
40
40
41
-
1.Open the **Security policy**page. This page shows the number of management groups, subscriptions, workspaces, and your management group structure.
41
+
1.From Security Center's sidebar, select **Regulatory compliance**to open the regulatory compliance dashboard. Here you can see the compliance standards currently assigned to the currently selected subscriptions.
42
42
43
-
1. Select the subscription or management group for which you want to manage the regulatory compliance posture. We recommend selecting the highest scope for which the standard is applicable so that compliance data is aggregated and tracked for all nested resources.
43
+
1. From the top of the page, select **Manage compliance policies**. This opens the Policy Management page.
44
+
45
+
1. Select the subscription or management group for which you want to manage the regulatory compliance posture.
46
+
47
+
> [!TIP]
48
+
> We recommend selecting the highest scope for which the standard is applicable so that compliance data is aggregated and tracked for all nested resources.
44
49
45
50
1. In the Industry & regulatory standards section, you'll see that Azure CIS 1.1.0 can be updated for new content. Click **Update now**.
46
51
47
-
1. Optionally, click **Add more standards** to open the **Add regulatory compliance standards** page. There, you can search manually for **Azure CIS 1.1.0 (New)** and dynamic packages for other compliance standards such as **NIST SP 800-53 R4**, **SWIFT CSP CSCF-v2020**, **UKO and UK NHS**, and **Canada PBMM**.
52
+
1. Optionally, click **Add more standards** to open the **Add regulatory compliance standards** page. There, you can search manually for **Azure CIS 1.1.0 (New)** and dynamic packages for other compliance standards such as:
0 commit comments