-
Notifications
You must be signed in to change notification settings - Fork 21.2k
/
index.yml
527 lines (504 loc) · 21.8 KB
/
index.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
### YamlMime:Hub
title: Azure compliance documentation
summary: If your organization needs to comply with legal or regulatory standards, start here to learn about compliance in Azure.
brand: azure
metadata:
title: Azure compliance documentation
description: If your organization needs to comply with legal or regulatory standards, start here to learn about compliance in Azure.
ms.service: security
ms.topic: hub-page
author: TerryLanfear
ms.author: terrylan
manager: rkarlin
ms.date: 03/26/2024
conceptualContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
title: Compliance offerings # < 60 chars (optional)
items:
# Card
- title: Global
links:
- url: /compliance/regulatory/offering-cis-benchmark
itemType: concept
text: CIS benchmark
- url: /azure/compliance/offerings/offering-csa-star-attestation
itemType: concept
text: CSA STAR Attestation
- url: /azure/compliance/offerings/offering-csa-star-certification
itemType: concept
text: CSA STAR Certification
- url: /azure/compliance/offerings/offering-csa-star-self-assessment
itemType: concept
text: CSA STAR self-assessment
- url: /azure/compliance/offerings/offering-soc-1
itemType: concept
text: SOC 1
- url: /azure/compliance/offerings/offering-soc-2
itemType: concept
text: SOC 2
- url: /azure/compliance/offerings/offering-soc-3
itemType: concept
text: SOC 3
# Card
- title: Global
links:
- url: /azure/compliance/offerings/offering-iso-20000-1
itemType: concept
text: ISO 20000-1
- url: /azure/compliance/offerings/offering-iso-22301
itemType: concept
text: ISO 22301
- url: /azure/compliance/offerings/offering-iso-27001
itemType: concept
text: ISO 27001
- url: /azure/compliance/offerings/offering-iso-27017
itemType: concept
text: ISO 27017
- url: /azure/compliance/offerings/offering-iso-27018
itemType: concept
text: ISO 27018
- url: /azure/compliance/offerings/offering-iso-27701
itemType: concept
text: ISO 27701
- url: /azure/compliance/offerings/offering-iso-9001
itemType: concept
text: ISO 9001
- url: /compliance/regulatory/offering-wcag-2-1
itemType: concept
text: WCAG
# Card
- title: US government
links:
- url: /azure/compliance/offerings/offering-cjis
itemType: concept
text: CJIS
- url: /azure/compliance/offerings/offering-cmmc
itemType: concept
text: CMMC
- url: /azure/compliance/offerings/offering-cnssi-1253
itemType: concept
text: CNSSI 1253
- url: /azure/compliance/offerings/offering-dfars
itemType: concept
text: DFARS
- url: /azure/compliance/offerings/offering-dod-il2
itemType: concept
text: DoD IL2
- url: /azure/compliance/offerings/offering-dod-il4
itemType: concept
text: DoD IL4
- url: /azure/compliance/offerings/offering-dod-il5
itemType: concept
text: DoD IL5
- url: /azure/compliance/offerings/offering-dod-il6
itemType: concept
text: DoD IL6
- url: /azure/compliance/offerings/offering-doe-10-cfr-part-810
itemType: concept
text: DoE 10 CFR Part 810
- url: /azure/compliance/offerings/offering-ear
itemType: concept
text: EAR
- url: /azure/compliance/offerings/offering-fedramp
itemType: concept
text: FedRAMP
- url: /azure/compliance/offerings/offering-fips-140-2
itemType: concept
text: FIPS 140
# Card
- title: US government
links:
- url: /azure/compliance/offerings/offering-icd-503
itemType: concept
text: ICD 503
- url: /azure/compliance/offerings/offering-irs-1075
itemType: concept
text: IRS 1075
- url: /azure/compliance/offerings/offering-itar
itemType: concept
text: ITAR
- url: /azure/compliance/offerings/offering-jsig
itemType: concept
text: JSIG
- url: /azure/compliance/offerings/offering-ndaa-section-889
itemType: concept
text: NDAA
- url: /azure/compliance/offerings/offering-nist-800-161
itemType: concept
text: NIST 800-161
- url: /azure/compliance/offerings/offering-nist-800-171
itemType: concept
text: NIST 800-171
- url: /azure/compliance/offerings/offering-nist-800-53
itemType: concept
text: NIST 800-53
- url: /azure/compliance/offerings/offering-nist-800-63
itemType: concept
text: NIST 800-63
- url: /azure/compliance/offerings/offering-nist-csf
itemType: concept
text: NIST CSF
- url: /compliance/regulatory/offering-section-508-vpats
itemType: concept
text: Section 508 VPATs
- url: /azure/compliance/offerings/offering-stateramp
itemType: concept
text: StateRAMP
# Card
- title: Financial services
links:
- url: /compliance/regulatory/offering-23-nycrr-part-500
itemType: concept
text: 23 NYCRR Part 500 (US)
- url: /compliance/regulatory/offering-afm-dnb-netherlands
itemType: concept
text: AFM and DNB (Netherlands)
- url: /compliance/regulatory/offering-amf-acpr-france
itemType: concept
text: AMF and ACPR (France)
- url: /compliance/regulatory/offering-apra-australia
itemType: concept
text: APRA (Australia)
- url: /compliance/regulatory/offering-cftc-1-31-us
itemType: concept
text: CFTC 1.31 (US)
- url: /compliance/regulatory/offering-eba-eu
itemType: concept
text: EBA (EU)
- url: /azure/compliance/offerings/offering-fca-pra-uk
itemType: concept
text: FCA and PRA (UK)
- url: /compliance/regulatory/offering-ffiec-us
itemType: concept
text: FFIEC (US)
- url: /compliance/regulatory/offering-finma-switzerland
itemType: concept
text: FINMA (Switzerland)
# Card
- title: Financial services
links:
- url: /compliance/regulatory/offering-finra-4511
itemType: concept
text: FINRA 4511 (US)
- url: /compliance/regulatory/offering-fisc-japan
itemType: concept
text: FISC (Japan)
- url: /compliance/regulatory/offering-fsa-denmark
itemType: concept
text: FSA (Denmark)
- url: /compliance/regulatory/offering-glba
itemType: concept
text: GLBA (US)
- url: /compliance/regulatory/offering-knf-poland
itemType: concept
text: KNF (Poland)
- url: /compliance/regulatory/offering-mas-abs-singapore
itemType: concept
text: MAS and ABS (Singapore)
- url: /compliance/regulatory/offering-nbb-fsma-belgium
itemType: concept
text: NBB and FSMA (Belgium)
- url: /compliance/regulatory/offering-osfi-canada
itemType: concept
text: OSFI (Canada)
# Card
- title: Financial services
links:
- url: /azure/compliance/offerings/offering-ospar-singapore
itemType: concept
text: OSPAR (Singapore)
- url: /azure/compliance/offerings/offering-pci-3ds
itemType: concept
text: PCI 3DS
- url: /azure/compliance/offerings/offering-pci-dss
itemType: concept
text: PCI DSS
- url: /compliance/regulatory/offering-rbi-irdai-india
itemType: concept
text: RBI and IRDAI (India)
- url: /compliance/regulatory/offering-sec-17a-4
itemType: concept
text: SEC 17a-4 (US)
- url: /azure/compliance/offerings/offering-sec-reg-sci-us
itemType: concept
text: SEC Regulation SCI (US)
- url: /compliance/regulatory/offering-sox
itemType: concept
text: SOX (US)
- url: /compliance/regulatory/offering-trusight
itemType: concept
text: TruSight
# Card
- title: Healthcare and life sciences
links:
- url: /compliance/regulatory/offering-hds-france
itemType: concept
text: ASIP HDS (France)
- url: /azure/compliance/offerings/offering-epcs-us
itemType: concept
text: EPCS (US)
- url: /azure/compliance/offerings/offering-gxp
itemType: concept
text: GxP (FDA 21 CFR Part 11)
- url: /azure/compliance/offerings/offering-hipaa-us
itemType: concept
text: HIPAA (US)
- url: /azure/compliance/offerings/offering-hitrust
itemType: concept
text: HITRUST
- url: /azure/compliance/offerings/offering-mars-e-us
itemType: concept
text: MARS-E (US)
- url: /compliance/regulatory/offering-nen-7510-netherlands
itemType: concept
text: NEN 7510 (Netherlands)
# Card
- title: Automotive, education, energy, media, and telecommunication
links:
- url: /azure/compliance/offerings/offering-cdsa
itemType: concept
text: CDSA
- url: /azure/compliance/offerings/offering-dpp-uk
itemType: concept
text: DPP (UK)
- url: /azure/compliance/offerings/offering-fact-uk
itemType: concept
text: FACT (UK)
- url: /compliance/regulatory/offering-ferpa
itemType: concept
text: FERPA (US)
- url: /azure/compliance/offerings/offering-mpa
itemType: concept
text: MPA
- url: /azure/compliance/offerings/offering-gsma
itemType: concept
text: GSMA
- url: /azure/compliance/offerings/offering-nerc
itemType: concept
text: NERC (US)
- url: /azure/compliance/offerings/offering-tisax
itemType: concept
text: TISAX
# Card
- title: Regional - Americas
links:
- url: /compliance/regulatory/offering-pdpa-argentina
itemType: concept
text: Argentina PDPA
- url: /azure/compliance/offerings/offering-canada-privacy-laws
itemType: concept
text: Canada privacy laws
- url: /azure/compliance/offerings/offering-canada-protected-b
itemType: concept
text: Canada Protected B
- url: /compliance/regulatory/offering-ccpa
itemType: concept
text: US CCPA
# Card
- title: Regional - Asia Pacific
links:
- url: /azure/compliance/offerings/offering-australia-irap
itemType: concept
text: Australia IRAP
- url: /azure/compliance/offerings/offering-china-gb-18030
itemType: concept
text: China GB 18030
- url: /azure/compliance/offerings/offering-china-djcp
itemType: concept
text: China DJCP (MLPS)
- url: /azure/compliance/offerings/offering-china-tcs
itemType: concept
text: China TCS
- url: /compliance/regulatory/offering-meity-india
itemType: concept
text: India MeitY
- url: /compliance/regulatory/offering-cs-mark-gold-japan
itemType: concept
text: Japan CS Gold Mark
- url: /compliance/regulatory/offering-ismap
itemType: concept
text: Japan ISMAP
- url: /compliance/regulatory/offering-my-number-act-japan
itemType: concept
text: Japan My Number Act
- url: /azure/compliance/offerings/offering-korea-k-isms
itemType: concept
text: Korea K-ISMS
- url: /compliance/regulatory/offering-nz-cc-framework-nz
itemType: concept
text: New Zealand ISPC
- url: /azure/compliance/offerings/offering-singapore-mtcs
itemType: concept
text: Singapore MTCS
# Card
- title: Regional - EMEA
links:
- url: /azure/compliance/offerings/offering-eu-cloud-coc
itemType: concept
text: EU Cloud CoC
- url: /compliance/regulatory/offering-en-301-549-eu
itemType: concept
text: EU EN 301 549
- url: /azure/compliance/offerings/offering-eu-enisa-iaf
itemType: concept
text: ENISA IAF
- url: /compliance/regulatory/gdpr
itemType: concept
text: EU GDPR
- url: /compliance/regulatory/offering-eu-model-clauses
itemType: concept
text: EU Model Clauses
- url: /azure/compliance/offerings/offering-germany-c5
itemType: concept
text: Germany C5
- url: /azure/compliance/offerings/offering-germany-it-grundschutz-workbook
itemType: concept
text: Germany IT-Grundschutz workbook
- url: /compliance/regulatory/offering-bir-2012-netherlands
itemType: concept
text: Netherlands BIR 2012
- url: /azure/compliance/offerings/offering-qatar-nia
itemType: concept
text: Qatar NIA
# Card
- title: Regional - EMEA
links:
- url: /compliance/regulatory/offering-russia-data-localization
itemType: concept
text: Russia personal data law
- url: /compliance/regulatory/offering-ens-spain
itemType: concept
text: Spain ENS High
- url: /compliance/regulatory/offering-lopd-spain
itemType: concept
text: Spain LOPD
- url: /azure/compliance/offerings/offering-uae-desc
itemType: concept
text: UAE DESC
- url: /azure/compliance/offerings/offering-uk-cyber-essentials-plus
itemType: concept
text: UK Cyber Essentials Plus
- url: /azure/compliance/offerings/offering-uk-g-cloud
itemType: concept
text: UK G-Cloud
- url: /azure/compliance/offerings/offering-uk-pasf
itemType: concept
text: UK PASF
additionalContent:
# Maximum of 3 sections
sections:
# Section 1
- title: More compliance resources
summary: To access a resource, you may need to be signed into your cloud service.
items:
- title: Privacy and GDPR
links:
- text: Checklists
url: /compliance/regulatory/gdpr-arc-azure-dynamics-windows
- text: Data subject requests
url: /compliance/regulatory/gdpr-dsr-Azure
- text: Breach notification
url: /compliance/regulatory/gdpr-breach-azure-dynamics-windows
- text: Data protection impact assessments
url: /microsoft-365/compliance/gdpr-dpia-azure
- text: Data residency in Azure
url: https://azure.microsoft.com/global-infrastructure/data-residency/
- title: Azure Policy regulatory compliance built-in initiatives
links:
- text: Australian Government ISM PROTECTED
url: ../governance/policy/samples/australia-ism.md
- text: Canada Federal PBMM
url: ../governance/policy/samples/canada-federal-pbmm.md
- text: CIS Azure Foundations Benchmark
url: ../governance/policy/samples/cis-azure-1-3-0.md
- text: FedRAMP High
url: ../governance/policy/samples/fedramp-high.md
- text: HIPAA HITRUST
url: ../governance/policy/samples/hipaa-hitrust-9-2.md
- text: IRS 1075
url: ../governance/policy/samples/irs-1075-sept2016.md
- text: ISO 27001
url: ../governance/policy/samples/iso-27001.md
- text: PCI DSS
url: ../governance/policy/samples/pci-dss-3-2-1.md
- text: NIST SP 800-171
url: ../governance/policy/samples/nist-sp-800-171-r2.md
- text: UK OFFICIAL and UK NHS
url: ../governance/policy/samples/ukofficial-uknhs.md
# Card
- title: Country/Region privacy and compliance guides
links:
- text: Australian security and privacy requirements
url: https://azure.microsoft.com/resources/microsoft-azure-compliance-and-australian-security-and-privacy-requirements/
- text: Singapore security and privacy requirements
url: https://azure.microsoft.com/resources/microsoft-azure-compliance-in-the-context-of-singapore/
- text: Japan security and privacy requirements
url: https://azure.microsoft.com/resources/microsoft-azure-compliance-and-the-japan-security-and-privacy-requirements/
- text: New Zealand security and privacy requirements
url: https://azure.microsoft.com/resources/microsoft-azure-compliance-in-the-context-of-new-zealand/
- text: Navigating your way to the cloud in Europe
url: https://www.microsoft.com/en-ie/lcc_cloud/default.aspx
- text: Navigating to the cloud in Middle East and Africa
url: https://msmea-staging.azurewebsites.net/mea/trustedcloud/default.aspx
- text: Cloud compliance guides for financial services
url: https://servicetrust.microsoft.com/ViewPage/TrustDocumentsV3
- title: Implementation and mappings
links:
- text: Azure Policy Regulatory Compliance (preview)
url: ../governance/policy/concepts/regulatory-compliance.md
- text: CIS Azure Foundations Benchmark
url: https://www.cisecurity.org/benchmark/azure/
- text: CSA CAIQ
url: https://cloudsecurityalliance.org/star/registry/microsoft/
- text: FERPA implementation guide
url: https://azure.microsoft.com/resources/microsoft-azure-ferpa-implementation-guide/
- text: GDPR control mapping
url: https://servicetrust.microsoft.com/ViewPage/TrustDocumentsV3?command=Download&downloadType=Document&downloadId=62d400be-b281-48a2-b40a-eb1a89e087cf&tab=7f51cb60-3d6c-11e9-b2af-7bb9f5d2d913&docTab=7f51cb60-3d6c-11e9-b2af-7bb9f5d2d913_AuditedControls
- text: GxP guidelines
url: https://azure.microsoft.com/resources/microsoft-azure-gxp-guidelines-april/
- text: HITRUST customer responsibility matrix
url: https://go.hitrustalliance.net/SR-Custom-Matrix-Microsoft-Azure
# Card
- title: Implementation and mappings
links:
- text: ISO 27001 security controls
url: https://azure.microsoft.com/resources/13-effective-security-controls-for-iso-27001-compliance-when-using-microsoft-azure/
- text: IT-Grundschutz workbook (German)
url: /azure/compliance/offerings/offering-germany-it-grundschutz-workbook
- text: NERC CIP standards and cloud computing
url: ../azure-government/documentation-government-overview-nerc.md
- text: NZ GCIO cloud computing considerations
url: https://azure.microsoft.com/resources/microsoft-azure-response-to-nz-gcio-cloud-computing-information-security-privacy-considerations
- text: PCI 3DS attestation documents
url: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3
- text: SEC Regulation SCI guidance
url: https://azure.microsoft.com/resources/microsoft-azure-regulation-systems-compliance-and-integrity-sci-cloud-implementation-guide/
- text: SOX guidance
url: https://azure.microsoft.com/resources/microsoft-azure-guidance-for-sarbanes-oxley-sox/
- text: UK OFFICIAL cloud security controls
url: https://azure.microsoft.com/resources/14-cloud-security-controls-for-uk-cloud-using-microsoft-azure
# Card
- title: White papers and analyst reports
links:
- text: Overview of Azure compliance
url: /azure/compliance/offerings/
- text: Enabling data residency and protection
url: https://azure.microsoft.com/resources/achieving-compliant-data-residency-and-security-with-azure/
- text: Azure for worldwide public sector
url: ../azure-government/documentation-government-overview-wwps.md
- text: Azure Internet of Things compliance
url: https://azure.microsoft.com/resources/microsoft-azure-and-data-compliance-in-the-internet-of-things-iot-context/
- text: IDC - Azure manages regulatory challenges
url: https://azure.microsoft.com/resources/azure-is-helping-organizations-manage-regulatory-challenges/
- text: Azure risk compliance guide
url: https://azure.microsoft.com/resources/risk-assessment-and-compliance-guide-for-financial-institutions-in-the-microsoft-cloud-/
- text: Shared responsibilities for cloud computing
url: https://azure.microsoft.com/resources/shared-responsibilities-for-cloud-computing/
- text: Azure export controls
url: https://azure.microsoft.com/resources/microsoft-azure-cloud-services-us-uk-and-eu-export-controls/
- text: Azure enables a world of compliance
url: https://azure.microsoft.com/resources/azure-enables-a-world-of-compliance/
- text: Azure cloud platform for PCI 3DS
url: https://azure.microsoft.com/resources/azure-cloud-platform-for-pci-3ds/
- text: A practical guide to designing secure health solutions
url: https://azure.microsoft.com/resources/a-practical-guide-to-designing-secure-health-solutions-using-microsoft-azure/