AzureStack Security aka.ms/AzureStack/Security

Hello once again! This will be an evolving blog, but many are asking what the specific certifications around Azure Stack are. Below is an excerpt from our engineering group.

"Customers told us that compliance paperwork is a major frustration. To alleviate that, Azure Stack is going through a formal assessment with a 3PAO (3rd-Party Assessor Organization). The outcome of this effort will be documentation on how the Azure Stack infrastructure meets the applicable controls from several major compliance standards. Customers will be able to use this documentation to jump-start their certification process. For the first round of assessments, we are targeting the following standards: PCI-DSS and the CSA Cloud Control Matrix. The former addresses the payment card industry while the latter gives comprehensive mapping across multiple standards.

Concurrently, we have also started the process to certify Azure Stack for Common Criteria. Given the length of the process, this certification will be completed sometime early next year.

It is important to clarify that Microsoft will not certify Azure Stack for those standards, except for Common Criteria, because several controls within those standards are the customer’s responsibility, that is, people- and process-related controls. Microsoft is formally validating that Azure Stack meets the applicable controls. As a result of this validation, Microsoft, via the 3PAO, will produce pre-compiled documentation that explains how Azure Stack meets the applicable controls."

Azure Stack is only VALIDATED for the technology component; the people and process components of certification are still the customer's responsibility.

Read the rest of the blog ... Security and Compliance in Azure Stack.

Or better yet, just WATCH IT :) Security and Compliance in Azure Stack on YouTube.

Per the blog, make your voice heard below!

In the coming months, Azure Stack will continue to expand the portfolio of standards to validate against. The decision about which standard to prioritize will be based on customer demand. To express your preference about which standard Azure Stack should prioritize, please fill out this survey.

Otherwise, the current documentation on Docs under the Security header includes the following topics: