Additional compliance frameworks now generally available

November 3, 2025
**General Availability: Additional compliance frame

General availability of compliance frameworks
The following regulatory compliance standards, previously available in preview, are now generally available in Microsoft Defender for Cloud.

• APRA CPS 234 (2019) – Azure, AWS
• Australian Government ISM PROTECTED – Azure
• Australian Government Information Security Manual (12.2023) – AWS, GCP
• AWS Foundational Security Best Practices – AWS
• AWS Well-Architected Framework (2024) – AWS
• Brazil General Data Protection Law (LGPD, 2018) – Azure, AWS, GCP
• California Consumer Privacy Act (CCPA) – AWS, GCP
• Canada Federal PBMM (3.2020) – Azure, AWS, GCP
• CIS Amazon Elastic Kubernetes Service (EKS) Benchmark – AWS
• CIS AWS Foundations v3.0.0 – AWS
• CIS Azure Foundations v2.1.0 – Azure
• CIS Azure Kubernetes Service (AKS) Benchmark – Azure
• CIS Controls v8.1 – Azure, AWS, GCP
• CIS GCP Foundations v3.0 – GCP
• CIS Google Cloud Platform Foundation Benchmark – GCP
• CIS Google Kubernetes Engine (GKE) Benchmark – GCP
• CRI Profile – AWS, GCP
• Criminal Justice Information Services Security Policy v5.9.5 – Azure, AWS, GCP
• CSA Cloud Controls Matrix v4.0.12 – Azure, AWS, GCP
• Cyber Essentials v3.1 – Azure, AWS, GCP
• Cybersecurity Maturity Model Certification (CMMC) Level 2 v2.0 – Azure, AWS, GCP
• EU 2022/2555 (NIS2, 2022) – Azure, AWS, GCP
• EU General Data Protection Regulation (GDPR, 2016/679) – Azure, AWS, GCP
• FedRAMP ‘H’ & ‘M’ – Azure
• FedRAMP High Baseline Rev5 – AWS, GCP
• FedRAMP Moderate Baseline Rev5 – AWS, GCP
• FFIEC CAT (2017) – Azure, AWS, GCP
• HIPAA – Azure
• HITRUST CSF v11.3.0 – Azure, AWS, GCP
• ISO/IEC 27001:2022 – Azure, AWS, GCP
• ISO/IEC 27002:2022 – Azure, AWS, GCP
• ISO/IEC 27017:2015 – Azure, AWS, GCP
• NCSC Cyber Assurance Framework (CAF) v3.2 – Azure, AWS, GCP
• NIST 800-171 Rev 3 – Azure, AWS, GCP
• NIST CSF v2.0 – Azure, AWS, GCP
• NIST SP 800-53 R5 – AWS
• NIST SP 800-53 R5.1.1 – Azure, AWS, GCP
• NIST SP 800-172 (2021) – AWS, GCP
• NZISM v3.7 – Azure, AWS, GCP
• PCI DSS 3.2.1 – GCP
• PCI DSS v4.0.1 – Azure, AWS, GCP
• RMIT Malaysia – Azure
• Sarbanes–Oxley Act (SOX, 2022) – Azure, AWS, GCP
• SOC 2023 – Azure, AWS, GCP
• SOC 2 – Azure, GCP
• Spanish ENS – Azure
• SWIFT Customer Security Controls Framework (2024) – Azure, AWS, GCP
• SWIFT CSP-CSCF v2020 – Azure
• UK OFFICIAL and UK NHS – Azure
• Reserve Bank of India – IT Framework for NBFC – Azure
• Cybersecurity Maturity Model Certification (CMMC) Level 3 – Azure, AWS, GCP
• ISO/IEC 27018:2019 – Azure, AWS, GCP
• ISO/IEC 27019:2020 – Azure, AWS, GCP
• NIST SP 800-53 R6 – Azure, AWS, GCP
• NIST SP 800-82 R3 – Azure, AWS, GCP
• NIST AI Risk Management Framework (AI RMF 1.0) – Azure, AWS, GCP
• US Executive Order 14028 – Azure, AWS, GCP
• Singapore MTCS SS 584:2015 – Azure, AWS, GCP
• Thailand PDPA (2019) – Azure, AWS, GCP
• Japan ISMAP – Azure, AWS, GCPorks now generally available

October 31, 2025
GCP Cloud Logging Ingestion Support (Preview)

Microsoft Defender for Cloud now supports GCP Cloud Logging ingestion in Public Preview, further strengthening multi-cloud identity posture and permissions management across GCP environments.

This new capability enables enhanced cloud identity activity insights, permission-usage visibility, and least-privilege recommendations and ensures uninterrupted CIEM recommendations for your GCP environments. To maintain continuous CIEM insights and recommendations for your connected GCP environments, you must enable GCP Cloud Logging ingestion going forward.

Recommended Action
Turn on GCP Cloud Logging ingestion (Preview) by following the steps in our documentation and choosing one of the following options:

1. Create a new Pub/Sub subscription within the wizard, or
2. Provide details for an existing Pub/Sub subscription to ingest logs