Microsoft Defender for Cloud Blog

New and enhanced multicloud regulatory compliance standards in Defender for Cloud

danielavillarreal
Feb 19, 2025

More than 30 new and enhanced regulatory compliance standards available.

Security compliance across multicloud environments is challenging due to the diversity and complexity of platforms. Each cloud provider—whether AWS, Azure, Google Cloud, or others—has its own security protocols, configurations, and compliance requirements. This variation can lead to discrepancies and gaps in security posture, as what works in one cloud environment may not be applied seamlessly in another. Managing multiple compliance frameworks simultaneously adds complexity, especially when each provider has different methods for meeting these standards.  

Without unified compliance visibility, security teams are forced to monitor each cloud platform independently, which is time-consuming and prone to human error. This fragmentation can lead to missed compliance requirements, especially when resources are limited or when team members are unfamiliar with specific cloud platforms. As a result, organizations face increased risks of data breaches, fines, and reputational damage if they fail to meet regulatory requirements consistently across all platforms. 

A streamlined approach ultimately strengthens the organization’s security posture and simplifies the path to achieving and maintaining compliance across complex multicloud landscapes.

Microsoft Defender for Cloud aids security teams in meeting various regulations and industry standards through our Regulatory Compliance dashboard. Each standard has multiple compliance controls, which are groups of related security recommendations. Defender for Cloud constantly evaluates the environment against these controls, indicating whether resources are compliant or non-compliant. To help security teams streamline their work with compliance teams, Defender for Cloud regulatory compliance signals can be integrated into Microsoft Purview Compliance Manager.

Today, we’re excited to share enhanced and expanded support of over 30 regulatory compliance frameworks in Defender for Cloud, across Azure, AWS, and GCP. 

New regulatory compliance frameworks for multicloud environments now available in public preview 

Unified compliance posture assessments are updated to the latest versions, with parity across Azure, AWS, and GCP. New regulatory compliance standards include:

  1. E.U. Network and Information Security Directive 2 (NIS2)  
  2. CIS GCP Foundations v3.0  
  3. U.S. Criminal Justice Information Services (CJIS) Security Policy, Version 5.9.5 
  4. U.S. Federal Financial Institutions Examination Council Cybersecurity Assessment Tool (FFIEC CAT) 
  5. U.K. National Cyber Security Centre (NCSC) Cyber Essentials v3.1 
  6. U.K. National Cyber Security Centre (NCSC) Cyber Assurance Framework (CAF) v3.2  

Enhancements to existing regulatory compliance standards 

Leverage the latest versions of currently supported regulatory compliance standards with expansion to full parity across Azure, AWS, and GCP. Some key standards include: 

  1. SWIFT Customer Security Controls Framework (2024) 
  2. E.U. General Data Protection Regulation (GDPR)
  3. ISO/IEC 27002:2022
  4. NIST CSF v2.0
  5. PCI DSS v4.0.1
  6. NIST SP 800-53 R5.1.1

View the full list of regulatory compliance standards. Get started with regulatory compliance assessment in Defender for Cloud today. 

Updated Feb 19, 2025
Version 1.0