Update to dynamic compliance packages in your Regulatory Compliance dashboard (Preview)

Azure Security Center continually compares the configuration of your resources with requirements in industry standards, regulations, and benchmarks. The regulatory compliance dashboard provides insights into your compliance posture based on how you're meeting specific compliance controls and requirements.

One standard for which you can track your compliance posture is Azure CIS 1.1.0 (more formally, the "CIS Microsoft Azure Foundations Benchmark version 1.1.0").

The representation of Azure CIS that initially appears in your compliance dashboard relies on a static set of rules that is included with Security Center.

With the dynamic compliance packages (preview) feature, Security Center automatically improves its coverage of industry standards over time. Compliance packages are essentially initiatives defined in Azure Policy. They can be assigned to your selected scope (subscription, management group, and so on). To see compliance data mapped as assessments in your dashboard, add a compliance package to your management group or subscription from within the Security Policy. Adding a compliance package effectively assigns the regulatory compliance initiative to your selected scope. In this way, you can track newly published regulatory initiatives as compliance standards in your dashboard. When Microsoft releases new content for the initiative (new policies that map to more controls in the standard), the additional content appears automatically in your dashboard.

The dynamic compliance package for the Azure CIS benchmark, Azure CIS 1.1.0 (new), improves on the original static version by:

  • Including more policies
  • Automatically updating with new coverage as it's added

Update to the new dynamic package as described below.

Adding a dynamic compliance package

The following steps explain how to add the dynamic package for monitoring your compliance with the Azure CIS benchmark v1.1.0.

Update to the Azure CIS 1.1.0 (new) dynamic compliance package

  1. Open the Security policy page. This page shows the number of management groups, subscriptions, workspaces, and your management group structure.

  2. Select the subscription or management group for which you want to manage the regulatory compliance posture. We recommend selecting the highest scope for which the standard is applicable so that compliance data is aggregated and tracked for all nested resources.

  3. In the Industry & regulatory standards (preview) section, you'll see that Azure CIS 1.1.0 can be updated for new content. Click Update now.

  4. Optionally, click Add more standards to open the Add regulatory compliance standards page. There, you can search manually for Azure CIS 1.1.0 (New) and dynamic packages for other compliance standards such as NIST SP 800-53 R4, SWIFT CSP CSCF-v2020, UKO and UK NHS, and Canada PBMM.

    Tip

    Only users who are owners or policy contributors have the necessary permissions to add compliance standards.

    Adding regulatory packages to Azure Security Center's regulatory compliance dashboard

  5. From Security Center's sidebar, select Regulatory compliance to open the regulatory compliance dashboard.

    • Azure CIS 1.1.0 (New) now appears in your list of Industry & regulatory standards.
    • The original static view of your Azure CIS 1.1.0 compliance will also remain alongside it. It may be automatically removed in the future.

    Note

    It may take a few hours for a newly added standard to appear in the compliance dashboard.

    Regulatory compliance dashboard showing old and new Azure CIS

Next steps

In this article, you learned:

  • How to upgrade the standards shown in your regulatory compliance dashboard to the new dynamic packages
  • How to add compliance packages to monitor your compliance with additional standards

For other related material, see the following articles: