On Tuesday we announced the availability of Azure Security Benchmark v3 as part of the Microsoft Defender for Cloud news at Ignite 2021. In this blog post we will recap the announcement and provide more details on the release.
Azure Security Benchmark (ASB) is widely used by organizations to meet security control requirements in Azure. ASB provides clear and concrete guidance on how to securely configure Azure resources to meet both security and compliance requirements. ASB often plays a key role in Azure onboarding, enabling organizations to accelerate both initial Azure onboarding and ongoing onboarding/assessment of Azure Cloud Services.
Image 1: Azure Security Benchmark documentation and monitoring in the Microsoft Defender for Cloud portal
ASB as a harmonizing control framework
Today we see customers often have to reconcile and harmonize multiple control frameworks when planning and evaluating their Azure environments to meet security and compliance requirements. This often requires security teams to repeat the same evaluation process for the various control frameworks, creating unnecessary overhead, cost, and effort. To address this concern, we have developed ASB to function as a harmonizing control framework to help you quickly work with established standards in the context of a cloud environment—standards such as CIS Controls v8 and v7, NIST SP800-53 Rev4 and PCI-DSS v3.2.1. Organizations can use ASB to consistently and easily evaluate their Azure deployments against these industry standards with minimal repeated work.
Image 2: Azure Security Benchmark Control Coverage
More in-depth guidance and new control categories
With the launch of ASB v3 we have fundamentally restructured our controls to provide customers with more granular and more actionable guidance by introducing Security Principles and Azure Guidance. Security Principles give you insight into the overall security objectives that build the foundation for our recommendations, while Azure Guidance is the technical “how-to” on meeting these objectives when implementing something in the cloud.
Image 3: Example of Azure Security Benchmark Control structure
In addition to refining all the existing controls for increased clarity and actionability, we have introduced brand new control categories. This brings the coverage of Azure Security Benchmark to a total of 85 controls, spanning 12 control domains. The new control categories include:
Continuous monitoring of ASB as part of Microsoft Defender for Cloud
Earlier this year, we announced ASB as the default security policy initiative for Microsoft Defender for Cloud. This enables you to view the state of your compliance relative to the benchmark controls in the Regulatory Compliance Dashboard, while also being able to view the detailed impact on your Secure Score. With the launch of ASB v3, it is now also available as the new default in Microsoft Defender for Cloud, so you can start monitoring your environment against the latest controls.
If you would like to help us improve the benchmark or provide feedback, please send us an email.