Details of the Azure Security Benchmark (Azure Government) Regulatory Compliance built-in initiative
The following article details how the Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in Azure Security Benchmark (Azure Government). For more information about this compliance standard, see Azure Security Benchmark. To understand Ownership, see Azure Policy policy definition and Shared responsibility in the cloud.

The following mappings are to the Azure Security Benchmark controls. Many of the controls are implemented with an Azure Policy initiative definition. To review the complete initiative definition, open Policy in the Azure portal and select the Definitions page. Then, find and select the Azure Security Benchmark Regulatory Compliance built-in initiative definition.

Important

Each control below is associated with one or more Azure Policy definitions. These policies may help you assess compliance with the control; however, there often is not a one-to-one or complete match between a control and one or more policies. As such, Compliant in Azure Policy refers only to the policy definitions themselves; this doesn't ensure you're fully compliant with all requirements of a control. In addition, the compliance standard includes controls that aren't addressed by any Azure Policy definitions at this time. Therefore, compliance in Azure Policy is only a partial view of your overall compliance status.

The associations between compliance domains, controls, and Azure Policy definitions for this compliance standard may change over time. To view the change history, see the GitHub Commit History.

Network Security

Establish network segmentation boundaries
ID: Azure Security Benchmark NS-1 | Ownership: Shared

Secure cloud services with network controls
ID: Azure Security Benchmark NS-2 | Ownership: Shared

Deploy firewall at the edge of enterprise network
ID: Azure Security Benchmark NS-3 | Ownership: Shared

Deploy DDOS protection
ID: Azure Security Benchmark NS-5 | Ownership: Shared

Deploy web application firewall
ID: Azure Security Benchmark NS-6 | Ownership: Shared

Detect and disable insecure services and protocols
ID: Azure Security Benchmark NS-8 | Ownership: Shared

Ensure Domain Name System (DNS) security
ID: Azure Security Benchmark NS-10 | Ownership: Shared

Identity Management

Use centralized identity and authentication system
ID: Azure Security Benchmark IM-1 | Ownership: Shared

Manage application identities securely and automatically
ID: Azure Security Benchmark IM-3 | Ownership: Shared

Use strong authentication controls
ID: Azure Security Benchmark IM-6 | Ownership: Shared

Privileged Access

Separate and limit highly privileged/administrative users
ID: Azure Security Benchmark PA-1 | Ownership: Shared

Avoid standing access for accounts and permissions
ID: Azure Security Benchmark PA-2 | Ownership: Shared

Review and reconcile user access regularly
ID: Azure Security Benchmark PA-4 | Ownership: Shared

Follow just enough administration (least privilege) principle
ID: Azure Security Benchmark PA-7 | Ownership: Shared

Data Protection

Monitor anomalies and threats targeting sensitive data
ID: Azure Security Benchmark DP-2 | Ownership: Shared

Encrypt sensitive data in transit
ID: Azure Security Benchmark DP-3 | Ownership: Shared

Enable data at rest encryption by default
ID: Azure Security Benchmark DP-4 | Ownership: Shared

Use customer-managed key option in data at rest encryption when required
ID: Azure Security Benchmark DP-5 | Ownership: Shared

Ensure security of key and certificate repository
ID: Azure Security Benchmark DP-8 | Ownership: Shared

Asset Management

Use only approved services
ID: Azure Security Benchmark AM-2 | Ownership: Shared

Use only approved applications in virtual machine
ID: Azure Security Benchmark AM-5 | Ownership: Shared

Logging and Threat Detection

Enable threat detection capabilities
ID: Azure Security Benchmark LT-1 | Ownership: Shared

Enable threat detection for identity and access management
ID: Azure Security Benchmark LT-2 | Ownership: Shared

Enable logging for security investigation
ID: Azure Security Benchmark LT-3 | Ownership: Shared

Centralize security log management and analysis
ID: Azure Security Benchmark LT-5 | Ownership: Shared

Configure log storage retention
ID: Azure Security Benchmark LT-6 | Ownership: Shared

Incident Response

Preparation - setup incident notification
ID: Azure Security Benchmark IR-2 | Ownership: Shared

Detection and analysis - create incidents based on high-quality alerts
ID: Azure Security Benchmark IR-3 | Ownership: Shared

Detection and analysis - investigate an incident
ID: Azure Security Benchmark IR-4 | Ownership: Shared

Detection and analysis - prioritize incidents
ID: Azure Security Benchmark IR-5 | Ownership: Shared

Posture and Vulnerability Management

Audit and enforce secure configurations
ID: Azure Security Benchmark PV-2 | Ownership: Shared

Audit and enforce secure configurations for compute resources
ID: Azure Security Benchmark PV-4 | Ownership: Shared

Rapidly and automatically remediate vulnerabilities
ID: Azure Security Benchmark PV-6 | Ownership: Shared

Endpoint Security

Use Endpoint Detection and Response (EDR)
ID: Azure Security Benchmark ES-1 | Ownership: Shared

Use modern anti-malware software
ID: Azure Security Benchmark ES-2 | Ownership: Shared

Backup and Recovery

Ensure regular automated backups
ID: Azure Security Benchmark BR-1 | Ownership: Shared

Protect backup and recovery data
ID: Azure Security Benchmark BR-2 | Ownership: Shared

DevOps Security

Enforce security of workload throughout DevOps lifecycle
ID: Azure Security Benchmark DS-6 | Ownership: Shared
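The Important note above has a practical consequence: a per-control view of compliance has to be assembled from two things. The initiative definition lists the controls under policyDefinitionGroups, and each entry in its policyDefinitions names the controls it serves through groupNames, so one policy can back several controls and a control can have no policy at all. Policy-state records then report each resource's complianceState against a policyDefinitionReferenceId, never against a control. The following is an added example, not code from this article or from Azure Policy, that rolls states up to the control level and flags controls with no mapped policy, which is the case the portal's Compliant/Non-compliant summary cannot surface. The initiative fragment, the ASB_ group-name prefix, the policy reference IDs and the resource IDs are constructed placeholders that mirror the shape of `az policy set-definition show` and `az policy state list` output; they are not real built-in definitions.

```python
"""Roll up Azure Policy compliance state to benchmark-control level.

Added example. The data below is constructed to mirror the shape of
`az policy set-definition show` (initiative) and `az policy state list`
(per-resource states) output; every group name, reference ID and
resource ID is a placeholder, not a real built-in policy.
"""
from collections import defaultdict

# Constructed initiative fragment. policyDefinitionGroups lists the controls;
# each policy names the controls it serves via groupNames, so one policy can
# back several controls and a control can have zero policies behind it.
INITIATIVE = {
    "policyDefinitionGroups": [
        {"name": "ASB_NS-1", "displayName": "Establish network segmentation boundaries"},
        {"name": "ASB_NS-2", "displayName": "Secure cloud services with network controls"},
        {"name": "ASB_IM-6", "displayName": "Use strong authentication controls"},
        {"name": "ASB_IR-2", "displayName": "Preparation - setup incident notification"},
    ],
    "policyDefinitions": [
        {"policyDefinitionReferenceId": "subnetsShouldHaveNsg",
         "groupNames": ["ASB_NS-1"]},
        {"policyDefinitionReferenceId": "storagePublicAccessDisabled",
         "groupNames": ["ASB_NS-1", "ASB_NS-2"]},      # one policy, two controls
        {"policyDefinitionReferenceId": "mfaForOwners",
         "groupNames": ["ASB_IM-6"]},
        # ASB_IR-2 intentionally has no policy mapped to it.
    ],
}

# Constructed policy-state records: one row per (policy reference, resource).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
STATES = [
    {"policyDefinitionReferenceId": "subnetsShouldHaveNsg",
     "resourceId": SUB + "/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/web",
     "complianceState": "Compliant"},
    {"policyDefinitionReferenceId": "subnetsShouldHaveNsg",
     "resourceId": SUB + "/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/db",
     "complianceState": "NonCompliant"},
    {"policyDefinitionReferenceId": "storagePublicAccessDisabled",
     "resourceId": SUB + "/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/logs1",
     "complianceState": "Compliant"},
    {"policyDefinitionReferenceId": "mfaForOwners",
     "resourceId": SUB,
     "complianceState": "NonCompliant"},
]


def policies_by_control(initiative):
    """Map every control (group name) to the reference IDs of the policies tagged with it.

    A control that appears in policyDefinitionGroups but in no policy's groupNames
    comes back with an empty list: the 'not addressed by any policy' case.
    """
    mapping = {g["name"]: [] for g in initiative["policyDefinitionGroups"]}
    for pd in initiative["policyDefinitions"]:
        for group in pd.get("groupNames", []):
            mapping.setdefault(group, []).append(pd["policyDefinitionReferenceId"])
    return mapping


def control_rollup(initiative, states):
    """Summarise each control: mapped policies, resource counts by state, and a verdict.

    Verdicts:
      NotAssessed  - no policy in the initiative maps to the control
      NoResources  - policies exist but nothing in scope has been evaluated
      NonCompliant - at least one resource failed at least one mapped policy
      Inconclusive - no failures, but some state is Exempt/Unknown/Conflict
      Compliant    - every evaluated resource passed every mapped policy
    """
    by_ref = defaultdict(list)
    for s in states:
        by_ref[s["policyDefinitionReferenceId"]].append(s)

    result = {}
    for control, refs in policies_by_control(initiative).items():
        records = [r for ref in refs for r in by_ref.get(ref, [])]
        compliant = sum(r["complianceState"] == "Compliant" for r in records)
        non_compliant = sum(r["complianceState"] == "NonCompliant" for r in records)
        other = len(records) - compliant - non_compliant
        if not refs:
            verdict = "NotAssessed"
        elif not records:
            verdict = "NoResources"
        elif non_compliant:
            verdict = "NonCompliant"
        elif other:
            verdict = "Inconclusive"
        else:
            verdict = "Compliant"
        result[control] = {"policies": len(refs), "compliant": compliant,
                           "nonCompliant": non_compliant, "other": other,
                           "verdict": verdict}
    return result


def unassessed_controls(initiative):
    """Controls the initiative cannot speak to at all; these need evidence from elsewhere."""
    return sorted(c for c, refs in policies_by_control(initiative).items() if not refs)


if __name__ == "__main__":
    for control, summary in control_rollup(INITIATIVE, STATES).items():
        print(f"{control:10} {summary['verdict']:13} policies={summary['policies']} "
              f"compliant={summary['compliant']} nonCompliant={summary['nonCompliant']}")
    print("Controls with no policy coverage:", unassessed_controls(INITIATIVE))
```

To run this against a real Azure Government tenant, point the CLI at the sovereign cloud with `az cloud set --name AzureUSGovernment`, sign in, fetch the initiative with `az policy set-definition show --name <initiative name>` and the states with `az policy state list --policy-set-definition <initiative name>`, then pass the parsed JSON to control_rollup. A NotAssessed control is not a pass; it is a control for which you must collect evidence outside Azure Policy.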
Next steps

Additional articles about Azure Policy:
Frequently asked questions

What is the main usage of Azure Policy in Azure cloud compliance?
Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started.

What are security policies used for in Azure?
An Azure Policy definition is a rule about specific security conditions that you want controlled. Built-in definitions include things like controlling what types of resources can be deployed or enforcing the use of tags on all resources.

What is Azure security and compliance?
Azure Security and Compliance Blueprints let you create, deploy and update compliant environments, including for certifications such as ISO 27001, PCI DSS and UK OFFICIAL. Azure Security Center (now Microsoft Defender for Cloud) unifies security management and enables advanced threat protection across hybrid cloud workloads.

Which Azure feature enables organizations to manage the access policies and compliance of their resources in Azure across multiple subscriptions?
Management groups. A management group is a scope above subscriptions; policy assignments and role assignments made at a management group are inherited by every subscription beneath it. Resource groups sit inside a single subscription and cannot span subscriptions.