Azure Policy based on industry governance/compliance frameworks
It would be helpful to take some of the control mapping from blueprints against industry frameworks such as PCI-DSS/NIST/etc and allow you to report compliance against those controls for each of the Azure services that exist in your environment.
Integrating something like cloudsecurityalliance.org control matrix or unifiedcompliance.com would be very helpful.
Thanks for your feedback! At Ignite 2019, we were happy to announce our Regulatory Compliance initiatives. We are mapping our policies directly to compliance frameworks. We have started with the NIST framework and will continue with others as time progresses. Once again, thanks for your input!
-Azure Policy Team
Gururaj Pandurangi commented
While not exactly an Azure Policy, we at www.cloudneeti.com have built a product to visualize and manage compliance at scale for PCI/NIST/CSA/ISO27001/HIPAA, etc.
We partner with Azure and many other security and compliance ecosystem partners to pull in information across various Azure and O365 services. Happy to discuss: email@example.com