Azure Policy definitions mapped to the NZISM.
Security template of Microsoft’s Azure Policy definitions
Microsoft provides guidance on Azure Policy definitions and how they map, at the ‘RESTRICTED’ level or below, to the controls in the New Zealand Information Security Manual (NZISM).
Microsoft’s mapping tables include:
- the NZISM controls being met
- identifications with an NZISM benchmark
- ownership of each control
- names in the Azure portal
- versions in GitHub — template commits.
NZISM Restricted blueprint sample
Azure’s blueprint sample helps government organisations to deploy architecture using the Azure Policy that maps to security controls in the NZISM.
The blueprint sample lists how to deploy the core set of policies and the artifact: