Defender for Cloud's regulatory standards and benchmarks are represented as security standards. Each standard is an initiative defined in Azure Policy.
In Defender for Cloud, you assign security standards to specific scopes such as Azure subscriptions that have Defender for Cloud enabled.
Defender for Cloud continually assesses the environment-in-scope against standards. Based on assessments, it shows in-scope resources as being compliant or noncompliant with the standard, and provides remediation recommendations.
This article describes how to add regulatory compliance standards as security standards in an Azure subscription.