GlavniArhivator
Copper Contributor
Aug 04, 2020
ASC Security Policies & Compliance Wording
Hi all
I have some questions I don't find clear answers to in the documentation, so I hope you may share your insights here.
First, I don't see how the regulatory compliance impact the secur...
Aug 05, 2020
Hi GlavniArhivator,
thanks for asking these great questions. I'll try to answer them in the respective order using a numbered list.
1. Regulatory compliance is part of the ASC Standard tier, whereas Secure Score comes with the ASC free tier. Today, we do not map the compliance assessment results to your Secure Score.
2. The Azure Security Benchmark is not exactly the same as the CIS 1.1.0 benchmark we have integrated in ASC. However, its controls are consistent with other well-known security benchmarks, such as CIS 7.1. You can find more information about the Azure Security Benchmark at https://docs.microsoft.com/en-us/azure/security/benchmarks/overview.
3. Benchmarks and Azure Policy are not the same. You can see Azure Policy as the tool for technically implementing auditing of security benchmarks. So, the recommendations you see in your Security Controls in the Resource Security Hygiene part of Azure Security Center are derived from well-known security benchmarks, and the technical implementation under the hood is based on Azure Policy. In other words: we are using Azure Policy to create the recommendations you see in Azure Security Center, but these recommendations are based on industry-standard security best practices.
4. No, this is not possible today. The security policy Azure Security Center relies on is scoped to the Management Group or Subscription level.
Best regards,
Tom Janetscheck
Senior Program Manager
CxE | Azure Security Center
GlavniArhivator
Copper Contributor
Aug 07, 2020
Sorry Tom, I meant the CCE-... recommendations within the regulatory policy controls (like SOC, ISO ...).
Thanks and all the best
Tom_Janetscheck
Microsoft
Aug 07, 2020
Hey GlavniArhivator,
they are grouped as vulnerabilities under the "Vulnerabilities in security configuration on your machines should be remediated" recommendation, which is part of the above-mentioned security control.
Best,
Tom