Initial Azure Policy selection for SCCA compliance

[brooke-hamilton]

Benefit/Result/Outcome
So that compliance is as automatic and unattended as possible.

Description Select existing Azure Policies that apply to the SCCA controls. Identify which controls each policy applies to. It is also fine to add additional policies that apply to other compliance frameworks if we identify which ones they apply to.

Acceptance Criteria

• A set of default policies is included in the Mission LZ deployment.
• A markdown document exists in the docs folder that defines how each policy applies to SCCA controls or other control frameworks.

[brooke-hamilton]

No relevant policies

[brooke-hamilton]

Based on customer feedback we restarted our efforts to implement policy initiatives.

[shawngib]

Work items are being created for central logging. Currently Flow logs are set up via individual NSGs to storage accounts in the RGs so it is not a priority to set this up via policy although auditing this will be required. Also further documentation is required to ensure customers comfort level with current policy capabilities and intersection with SCCA requirements.