/
update-regulatory-compliance-packages.yml
112 lines (96 loc) · 5.92 KB
/
update-regulatory-compliance-packages.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
### YamlMime:HowTo
metadata:
title: Assign regulatory compliance standards in Microsoft Defender for Cloud
description: Learn how to assign regulatory compliance standards in Microsoft Defender for Cloud.
ms.date: 02/26/2024
ms.topic: how-to
ms.custom:
- ignite-2023
- ge-structured-content-pilot
title: |
Assign security standards
introduction: |
Defender for Cloud's regulatory standards and benchmarks are represented as [security standards](security-policy-concept.md). Each standard is an initiative defined in Azure Policy.
In Defender for Cloud, you assign security standards to specific scopes such as Azure subscriptions, AWS accounts, and GCP projects that have Defender for Cloud enabled.
Defender for Cloud continually assesses the environment-in-scope against standards. Based on assessments, it shows in-scope resources as being compliant or noncompliant with the standard, and provides remediation recommendations.
This article describes how to add regulatory compliance standards as security standards in an Azure subscription, AWS account, or GCP project.
prerequisites:
summary: |
- To add compliance standards, at least one Defender for Cloud plan must be enabled.
- You need `Owner` or `Policy Contributor` permissions to add a standard.
procedureSection:
- title: |
Assign a standard (Azure)
summary: |
**To assign regulatory compliance standards on Azure**:
steps:
- |
Sign in to the [Azure portal](https://portal.azure.com/).
- |
Navigate to **Microsoft Defender for Cloud** > **Regulatory compliance**. For each standard, you can see the applied subscription.
- |
Select **Manage compliance policies**.
:::image type="content" source="media/update-regulatory-compliance-packages/manage-compliance.png" alt-text="Screenshot of the regulatory compliance page that shows you where to select the manage compliance policy button." lightbox="media/update-regulatory-compliance-packages/manage-compliance.png":::
- |
Select the subscription or management group on which you want to assign the security standard.
> [!NOTE]
> We recommend selecting the highest scope for which the standard is applicable so that compliance data is aggregated and tracked for all nested resources.
- |
Select **Security policies**.
- |
Locate the standard you want to enable and toggle the status to **On**.
:::image type="content" source="media/update-regulatory-compliance-packages/turn-standard-on.png" alt-text="Screenshot showing regulatory compliance dashboard options." lightbox="media/update-regulatory-compliance-packages/turn-standard-on.png":::
If any information is needed in order to enable the standard, the **Set parameters** page appears for you to type in the information.
The selected standard appears in **Regulatory compliance** dashboard as enabled for the subscription it was enabled on.
- title: |
Assign a standard (AWS)
summary: |
**To assign regulatory compliance standards on AWS accounts**:
steps:
- |
Sign in to the [Azure portal](https://portal.azure.com/).
- |
Navigate to **Microsoft Defender for Cloud** > **Regulatory compliance**. For each standard, you can see the applied subscription.
- |
Select **Manage compliance policies**.
- |
Select the relevant AWS account.
- |
Select **Security policies**.
- |
In the **Standards** tab, select the three dots in the standard you want to assign > **Assign standard**.
:::image type="content" source="media/update-regulatory-compliance-packages/assign-standard-aws-from-list.png" alt-text="Screenshot that shows where to select a standard to assign." lightbox="media/update-regulatory-compliance-packages/assign-standard-aws-from-list.png":::
- |
At the prompt, select **Yes**. The standard is assigned to your AWS account.
:::image type="content" source="media/update-regulatory-compliance-packages/assign-standard-aws.png" alt-text="Screenshot of the prompt to assign a regulatory compliance standard to the AWS account." lightbox="media/update-regulatory-compliance-packages/assign-standard-aws.png":::
The selected standard appears in **Regulatory compliance** dashboard as enabled for the account.
- title: |
Assign a standard (GCP)
summary: |
**To assign regulatory compliance standards on GCP projects**:
steps:
- |
Sign in to the [Azure portal](https://portal.azure.com/).
- |
Navigate to **Microsoft Defender for Cloud** > **Regulatory compliance**. For each standard, you can see the applied subscription.
- |
Select **Manage compliance policies**.
- |
Select the relevant GCP project.
- |
Select **Security policies**.
- |
In the **Standards** tab, select the three dots alongside an unassigned standard and select **Assign standard**.
:::image type="content" source="media/update-regulatory-compliance-packages/assign-standard-gcp-from-list.png" alt-text="Screenshot that shows how to assign a standard to your GCP project." lightbox="media/update-regulatory-compliance-packages/assign-standard-gcp-from-list.png":::
- |
At the prompt, select **Yes**. The standard is assigned to your GCP project.
The selected standard appears in the **Regulatory compliance** dashboard as enabled for the project.
relatedContent:
- text: Create custom standards for Azure
url: custom-security-policies.md
- text: Create custom standards for AWS, and GCP
url: create-custom-recommendations.md
- text: Improve regulatory compliance
url: regulatory-compliance-dashboard.md
# - Create custom standards for [Azure](custom-security-policies.md), [AWS, and GCP](create-custom-recommendations.md).
# - [Improve regulatory compliance](regulatory-compliance-dashboard.md)