The goal of cyber security standards is to improve the security of information technology (IT) systems, networks, and critical infrastructures. A cyber security standard defines both functional and assurance requirements within a product, system, process, or technology environment. A standard must address user needs, but must also be practical since cost and technological limitations must be considered in building products to meet the standard. Additionally, a standard’s requirements must be verifiable; otherwise, users cannot assess security even when products are tested against the standard.
Many organizations security needs are driven by compliance requirements. Azure Security Center measures compliance against the following:
Standard | Author | Description |
Azure CIS 1.1.0 | Center for Internet Security | Set of security controls published by the Center for Internet Security |
PCI DSS 3.2.1 | Payment Card Industry Standards Council | Standards required for organizations that manage payment card data |
ISO 27001 | International Standards Organization | Set of security controls for information security systems. Standard 27017 is cloud computing specific. |
NIST 800-53 | National Institute of Standards and Technology | Security and Privacy Controls for Federal Information Systems and Organizations. |