Microsoft Defender for Cloud - Regulatory Compliance (CIS Benchmarks AWS and Azure)

Vikum Jayalath
4 min read · May 16, 2022

Defender for Cloud addresses the challenge of securing Azure’s dynamic workloads by offering a centralized platform for managing threats and security posture. It provides the tools you need to protect your resources, monitor your security posture, defend against cyberattacks, and make security management easier. Because Defender for Cloud is natively integrated, it is simple to set up and use, with auto-provisioning that protects your resources by default.

Defender for Cloud continuously monitors hybrid and cloud architectures, assessing risk factors against the policies and best practices defined in the subscription’s requirements.

Microsoft Defender for Cloud includes a dedicated Regulatory Compliance dashboard that shows the status of all assessments in your environments against the standards you have selected. Your compliance posture improves as you implement the recommendations and reduce the risk factors in your environment.

This dashboard blade displays your chosen compliance standards and all of their requirements. Use it to focus your attention on the gaps in compliance with your selected standards and regulations. This full view also lets you track your compliance over time across Azure and hybrid environments such as AWS and GCP.

The Azure Security Benchmark is assigned to every subscription by default. This guideline contains Microsoft’s Azure-specific security and compliance best practices, based on common compliance frameworks. Microsoft Defender for Cloud compares the configuration of your resources against the requirements of industry standards, regulations, and benchmarks.

Available regulatory standards in Defender for Cloud:

· PCI-DSS v3.2.1:2018
· SOC TSP
· NIST SP 800-53 R4
· NIST SP 800-171 R2
· UK OFFICIAL and UK NHS
· Canada Federal PBMM
· CIS 1.1.0
· HIPAA/HITRUST
· SWIFT CSP CSCF v2020
· ISO 27001:2013
· New Zealand ISM Restricted
· CMMC Level 3
· CIS 1.3.0
· NIST SP 800-53 R5
· FedRAMP H
· FedRAMP M

To add standards to the dashboard, the Azure subscription must have Defender for Cloud’s enhanced security features enabled, and the user doing so must have Owner or Policy Contributor permissions.

In this article, we will use the Center for Internet Security (CIS) Benchmarks for AWS and Azure. Before adding them, the AWS account has to be connected to Azure through Microsoft Defender for Cloud so that it appears under Regulatory Compliance.

This setup is already done here; you can find more details at Connect your AWS account to Microsoft Defender for Cloud | Microsoft Docs.

To configure the CIS Benchmarks for both the AWS and Azure environments, open Microsoft Defender for Cloud | Environment settings, click the environment you want, and then click Security policy.

The same can be done from “Policy” in the Azure portal search bar.

Then, in the “Industry and regulatory standards” section, click Add more standards (in this demo, Azure/AWS CIS).

Please note that you must repeat this on every required environment or subscription.

Click “Assign”.

Then select the scope (subscription or resource group) and continue.

For AWS, go directly to Microsoft Defender for Cloud | Environment settings, select the AWS account(s), and then go to Standards.

Then, in the Add section, select AWS CIS.

After applying the standards, it may take 6–12 hours for the compliance controls to appear in the Regulatory Compliance blade.

You can then view the compliance controls by category. If the resource compliance status fails for some controls, you can remediate them by following the instructions given for each control.

Regulatory Compliance also provides compliance domains and security controls for Azure Arc-enabled resources. This can help keep your Azure Arc resources compliant with the selected standards.

Based on Defender for Cloud assessment data, you can also get a high-level summary of your compliance status for a specified standard. These reports are organized according to the standard’s controls and can be sent to key stakeholders and used as evidence by internal and external auditors.

Defender for Cloud also offers a continuous export feature that makes it simple to track your compliance status in the other monitoring tools in your environment. Configure continuous export to send selected data to a Log Analytics workspace or an Azure Event Hub. You can also automate your workflow when your compliance requirements change.
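As an added example (not part of the original article or of Defender for Cloud itself), the script below rolls exported assessment rows up into the per-standard, per-control summary that the dashboard and the stakeholder report show. It assumes rows shaped like the SecurityRegulatoryCompliance records that continuous export writes to Log Analytics (fields ComplianceStandard, ComplianceControl, AssessmentName, State); the field names, standard names and sample rows are constructed, not real tenant data.

```python
from collections import defaultdict

# Constructed sample rows (not real tenant data). The field names follow the
# SecurityRegulatoryCompliance table continuous export populates; treating
# that as the exact schema is an assumption of this example.
SAMPLE_RECORDS = [
    {"ComplianceStandard": "CIS-1.3.0", "ComplianceControl": "1.1",
     "AssessmentName": "MFA on owner accounts", "State": "Failed"},
    {"ComplianceStandard": "CIS-1.3.0", "ComplianceControl": "1.1",
     "AssessmentName": "MFA on write accounts", "State": "Passed"},
    {"ComplianceStandard": "CIS-1.3.0", "ComplianceControl": "3.1",
     "AssessmentName": "Secure transfer to storage", "State": "Passed"},
    {"ComplianceStandard": "CIS-1.3.0", "ComplianceControl": "9.1",
     "AssessmentName": "App Service authentication", "State": "Skipped"},
    {"ComplianceStandard": "AWS-CIS-1.2.0", "ComplianceControl": "1.3",
     "AssessmentName": "Unused credentials disabled", "State": "Failed"},
    {"ComplianceStandard": "AWS-CIS-1.2.0", "ComplianceControl": "2.1",
     "AssessmentName": "CloudTrail enabled in all regions", "State": "Passed"},
]


def summarize(records):
    """Group rows into {standard: {control: {"Passed": n, "Failed": n, "Other": n}}}.

    Any state other than Passed/Failed (e.g. Skipped, Unsupported) is counted
    as Other so it is visible but does not affect the score.
    """
    summary = defaultdict(
        lambda: defaultdict(lambda: {"Passed": 0, "Failed": 0, "Other": 0}))
    for rec in records:
        state = rec.get("State")
        bucket = state if state in ("Passed", "Failed") else "Other"
        summary[rec["ComplianceStandard"]][rec["ComplianceControl"]][bucket] += 1
    return {std: dict(ctrls) for std, ctrls in summary.items()}


def failing_controls(summary, standard):
    """Controls of a standard with at least one failed assessment, sorted."""
    return sorted(c for c, n in summary.get(standard, {}).items() if n["Failed"] > 0)


def compliance_score(summary, standard):
    """Passed / (Passed + Failed) for a standard; None if nothing was assessed."""
    controls = summary.get(standard, {}).values()
    passed = sum(n["Passed"] for n in controls)
    failed = sum(n["Failed"] for n in controls)
    return round(passed / (passed + failed), 3) if passed + failed else None


if __name__ == "__main__":
    s = summarize(SAMPLE_RECORDS)
    for std in s:
        print(std, "score:", compliance_score(s, std), "failing:", failing_controls(s, std))
```

Point the same functions at rows queried from the workspace (or at Event Hub messages) to drive the workflow automation the paragraph above describes, for example alerting when a control newly appears in the failing list.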

END
