Assign security standards

Defender for Cloud's regulatory standards and benchmarks are represented as security standards. Each standard is an initiative defined in Azure Policy.

In Defender for Cloud, you assign security standards to specific scopes such as Azure subscriptions, AWS accounts, and GCP projects that have Defender for Cloud enabled.

Defender for Cloud continually assesses the in-scope environment against the assigned standards. Based on those assessments, it shows in-scope resources as compliant or noncompliant with each standard and provides remediation recommendations.

This article describes how to add regulatory compliance standards as security standards in an Azure subscription, AWS account, or GCP project.

Prerequisites

  • To add compliance standards, at least one Defender for Cloud plan must be enabled.
  • You need Owner or Policy Contributor permissions to add a standard.

Assign a standard

To assign regulatory compliance standards to a cloud environment:

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Regulatory compliance. For each standard, you can see the applied subscription.

  3. Select Manage compliance policies.

    Screenshot of the regulatory compliance page that shows you where to select the manage compliance policy button.

  4. Select an account or management account (Azure subscription or management group, AWS account or management account, GCP project or organization) on which you want to assign the security standard.

    Note

    We recommend selecting the highest scope for which the standard is applicable so that compliance data is aggregated and tracked for all nested resources.

  5. Select Security policies.

  6. Locate the standard you want to enable and toggle the status to On.

    Screenshot showing regulatory compliance dashboard options.

    If the standard requires any parameters in order to be enabled, the Set parameters page appears so that you can enter them.

    The selected standard appears in the Regulatory compliance dashboard as enabled for the subscription it was enabled on.
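The note in step 4 recommends assigning a standard at the highest applicable scope so that compliance data is aggregated for all nested resources. The following added example (not code from the Defender for Cloud documentation or from Microsoft) illustrates what that aggregation looks like: it takes a set of constructed compliance records for one standard, counts compliant and noncompliant resources per subscription, and rolls those counts up to a management group. The management-group-to-subscription mapping, the subscription IDs, the resource IDs and the standard name `example-benchmark` are all constructed for the example; the record shape loosely follows Azure Policy compliance-state records but is an assumption, not an export from a real tenant. The scope resource-ID formats returned by `scope_id` are the forms Azure Policy uses for subscriptions and management groups.

```python
"""Roll up per-resource compliance results to subscription and management-group scope.

Added example, not from the Defender for Cloud documentation. All data below
is constructed; the record fields (resourceId, complianceState,
policySetDefinitionName) mimic the shape of Azure Policy compliance-state
records but are an assumption for illustration.
"""
from collections import defaultdict

# Constructed scope hierarchy (assumed): management group -> child subscriptions.
MANAGEMENT_GROUPS = {
    "mg-prod": [
        "11111111-1111-1111-1111-111111111111",
        "22222222-2222-2222-2222-222222222222",
    ],
}

SUB_A = "/subscriptions/11111111-1111-1111-1111-111111111111"
SUB_B = "/subscriptions/22222222-2222-2222-2222-222222222222"

# Constructed compliance records for two standards (initiatives).
RECORDS = [
    {"resourceId": SUB_A + "/resourceGroups/rg-web/providers/Microsoft.Storage/storageAccounts/stweb01",
     "complianceState": "Compliant", "policySetDefinitionName": "example-benchmark"},
    {"resourceId": SUB_A + "/resourceGroups/rg-web/providers/Microsoft.Compute/virtualMachines/vm-web01",
     "complianceState": "Compliant", "policySetDefinitionName": "example-benchmark"},
    {"resourceId": SUB_A + "/resourceGroups/rg-db/providers/Microsoft.Sql/servers/sql-db01",
     "complianceState": "NonCompliant", "policySetDefinitionName": "example-benchmark"},
    {"resourceId": SUB_B + "/resourceGroups/rg-api/providers/Microsoft.Web/sites/api-prod",
     "complianceState": "Compliant", "policySetDefinitionName": "example-benchmark"},
    {"resourceId": SUB_B + "/resourceGroups/rg-api/providers/Microsoft.KeyVault/vaults/kv-api",
     "complianceState": "NonCompliant", "policySetDefinitionName": "example-benchmark"},
    # A record for a different standard; it must not be counted for example-benchmark.
    {"resourceId": SUB_B + "/resourceGroups/rg-api/providers/Microsoft.KeyVault/vaults/kv-api",
     "complianceState": "NonCompliant", "policySetDefinitionName": "other-standard"},
]


def scope_id(kind, name):
    """Return the resource-ID form of a scope, as used when assigning an initiative."""
    if kind == "subscription":
        return f"/subscriptions/{name}"
    if kind == "managementGroup":
        return f"/providers/Microsoft.Management/managementGroups/{name}"
    raise ValueError(f"unsupported scope kind: {kind}")


def subscription_of(resource_id):
    """Extract the subscription ID from an Azure resource ID, or None if absent."""
    parts = resource_id.split("/")
    # "/subscriptions/<id>/..." splits to ["", "subscriptions", "<id>", ...]
    if len(parts) > 2 and parts[1] == "subscriptions":
        return parts[2].lower()
    return None


def summarize(records, standard):
    """Count compliant/noncompliant resources per subscription for one standard."""
    summary = defaultdict(lambda: {"compliant": 0, "noncompliant": 0})
    for rec in records:
        if rec["policySetDefinitionName"] != standard:
            continue
        sub = subscription_of(rec["resourceId"])
        if sub is None:
            continue  # tenant- or management-group-level resource; not in scope here
        key = "compliant" if rec["complianceState"] == "Compliant" else "noncompliant"
        summary[sub][key] += 1
    return dict(summary)


def rollup(summary, management_groups):
    """Aggregate per-subscription counts to each management group in the hierarchy."""
    result = {}
    for mg, subs in management_groups.items():
        compliant = sum(summary.get(s, {}).get("compliant", 0) for s in subs)
        noncompliant = sum(summary.get(s, {}).get("noncompliant", 0) for s in subs)
        result[mg] = {"compliant": compliant, "noncompliant": noncompliant,
                      "subscriptions": len(subs)}
    return result


def compliance_percent(counts):
    """Share of assessed resources that are compliant, as an integer percentage."""
    total = counts["compliant"] + counts["noncompliant"]
    return 0 if total == 0 else round(100 * counts["compliant"] / total)


if __name__ == "__main__":
    per_sub = summarize(RECORDS, "example-benchmark")
    for sub, counts in per_sub.items():
        print(f"{scope_id('subscription', sub)}: {counts} ({compliance_percent(counts)}%)")
    for mg, counts in rollup(per_sub, MANAGEMENT_GROUPS).items():
        print(f"{scope_id('managementGroup', mg)}: {counts} ({compliance_percent(counts)}%)")
```

Run stand-alone, the script prints the per-subscription counts and then the aggregated management-group view; assigning the standard at the management group is what makes the second view available in the dashboard without assigning the same initiative to each subscription separately.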