Release 2.0.0 (#15)
* Release 2.0.0

* Release 2.0.0

* Release 2.0.0

---------

Co-authored-by: Microsoft Open Source <microsoftopensource@users.noreply.github.com>
ugreg and microsoftopensource authored Oct 16, 2024
1 parent e258c71 commit abe29a8
Showing 39 changed files with 28,892 additions and 211 deletions.
8 changes: 5 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,17 +1,19 @@
# Microsoft Cloud for Sovereignty Policy Portfolio
The Microsoft Cloud for Sovereignty Policy Portfolio's Policy Initiatives aid in customizing deployments to reduce the time needed to audit environments and help meet established regulatory compliance frameworks and government requirements.
The Microsoft Cloud for Sovereignty Policy Portfolio's Policy Initiatives aid in customizing deployments to reduce the time needed to audit environments and help meet established regulatory compliance frameworks and government requirements.

The first built-in regulatory compliance initiative that Microsoft Cloud for Sovereignty maintains is in support of the cloud-specific technical requirements within the [Baseline informatiebeveiliging overheid](https://www.digitaleoverheid.nl/overzicht-van-alle-onderwerpen/cybersecurity/kaders-voor-cybersecurity/baseline-informatiebeveiliging-overheid/) (BIO), the foundational standards framework for information security within all levels of the Netherlands government (central government, municipalities, provinces and water boards). For more information on the BIO cloud theme initiative, go to [Azure Built-in Policy Initiatives](https://learn.microsoft.com/azure/governance/policy/samples/nl-bio-cloud-theme).

Microsoft Cloud for Sovereignty makes several custom policy initiatives accessible through this repository. In execution of the [Italian Cloud Strategy](https://www.acn.gov.it/en/strategia/strategia-cloud-italia), which contains the strategic guidelines for migration to the cloud of data and digital services of the Italian Public Administration, the National Cybersecurity Agency (ACN) issued a set of requirements for the [qualification of Cloud Services and Cloud Services Infrastructures](https://www.acn.gov.it/en/strategia/strategia-cloud-italia/qualificazione-cloud). In addition, this repository contains policy initiatives for [Cloud Security ALliance (CSA) Cloud Control Matrix (CCM) v4](https://cloudsecurityalliance.org/research/cloud-controls-matrix/) and the sovereignty baseline policy initiatives. The policy initiatives and files contained in this repository are intended to serve as a starting point to map such requirements to an Azure implementation. Please note that these files are not intended to be final or comprehensive solutions, but rather a helpful resource to jumpstart your efforts.
Microsoft Cloud for Sovereignty makes several custom policy initiatives accessible through this repository. In execution of the [Italian Cloud Strategy](https://www.acn.gov.it/en/strategia/strategia-cloud-italia), which contains the strategic guidelines for migration to the cloud of data and digital services of the Italian Public Administration, the National Cybersecurity Agency (ACN) issued a set of requirements for the [qualification of Cloud Services and Cloud Services Infrastructures](https://www.acn.gov.it/en/strategia/strategia-cloud-italia/qualificazione-cloud). In addition, this repository contains policy initiatives for [Cloud Security ALliance (CSA) Cloud Control Matrix (CCM) v4](https://cloudsecurityalliance.org/research/cloud-controls-matrix/), the [NIS2 Preview](https://eur-lex.europa.eu/eli/dir/2022/2555/oj) and the sovereignty baseline policy initiatives. The policy initiatives and files contained in this repository are intended to serve as a starting point to map such requirements to an Azure implementation. Please note that these files are not intended to be final or comprehensive solutions, but rather a helpful resource to jumpstart your efforts.

**Important** - Organizations are wholly responsible for ensuring their own compliance with all applicable laws and regulations. The information provided in this document and repository does not constitute legal advice, and organizations should consult their legal advisors for any questions regarding regulatory compliance.

The evidence against each security measure and its corresponding security controls shall be assessed to determine whether it meets the security requirements. If the security requirements are not fulfilled, the outstanding risks shall be identified. The SAA and/or NCSP shall identify any additional security measures and controls needed to attain an acceptable residual risk, which would be implemented by the NCSP and/or CSP.

**Note** - These policies may help you assess compliance with the control; however, there often is not a one-to-one or complete match between a control and one or more policies. As such, Compliant in Azure Policy refers only to the policy definitions themselves; this doesn't ensure you're fully compliant with all requirements of a control. In addition, the compliance standard includes controls that aren't addressed by any Azure Policy definitions at this time. Therefore, compliance in Azure Policy is only a partial view of your overall compliance status. The associations between compliance domains, controls, and Azure Policy definitions for this compliance standard may change over time. To view the change history, see the GitHub Commit History.

To assist with implementation of custom initiatives, see the `New-PolicySets.ps1` PowerShell script under our scripts folder.
For **built-in** policy initiatives, there is a link provided to the Azure Policy blade where you can assign the policy to your tenant or resource directly.

For **custom** policy initiatives, the Deploy to Azure button can be utilized to make the policy initiative available for your environment to then be assigned to a specific tenant or resource.

## Shared responsibility and customer responsibilities

Expand Down
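Review bot: The added paragraph that introduces NIS2 still carries the "Cloud Security ALliance" capitalization typo from the line it replaces, and its "NIS2 Preview" label links to the EUR-Lex directive text rather than to the initiative in this repository. Correct the spelling to "Alliance" and point the label at the initiative folder, keeping the directive as a separate reference. If the `New-PolicySets.ps1` sentence is being dropped in favour of the two new built-in/custom paragraphs, say whether the script is still a supported path so readers are not left with two unexplained deployment routes.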
68 changes: 34 additions & 34 deletions SUPPORT.md
Original file line number Diff line number Diff line change
@@ -1,34 +1,34 @@
# Support

## General Questions

If you have questions you haven't been able to answer from the [Azure Policy documentation](https://docs.microsoft.com/azure/governance/policy), there are a few places that host discussions on Azure Policy:
- [Microsoft Tech Community](https://techcommunity.microsoft.com/)
- [Azure Governance conversation space](https://techcommunity.microsoft.com/t5/Azure-Governance/bd-p/AzureGovernance)
- Search or add to Azure Policy discussions on [StackOverflow](https://stackoverflow.com/questions/tagged/azure-policy+or+azure+policy)
- Additional information can be found in the [Azure Policy - Microsoft Q&A](https://learn.microsoft.com/answers/tags/228/azure-policy)
- If interested in authoring custom definitions, you can also leverage this [Azure/Community-Policy](https://github.com/Azure/Community-Policy) repository for contributing.

If you are encountering difficulties in implementing new policies that may be due to problems in Azure Policy itself, open a support ticket at [Azure Customer Support](https://azure.microsoft.com/support/create-ticket/).

## Built-in Definitions

The support for addressing built-in definition issues is handled by Azure Customer Support. Open a new [Azure Customer Support ticket](https://azure.microsoft.com/support/create-ticket/) if you believe a definition has a bug or error.

## Azure Policy Known Issues

Check here for a current list of [known issues](https://github.com/Azure/azure-policy/tree/master#known-issues) for Azure Policy.

## How to file issues and get help

This project uses GitHub Issues to track bugs and feature requests. Please search the existing
issues before filing new issues to avoid duplicates. For new issues, file your bug or
feature request as a new Issue.

Issues can be created and searched through under the "Issues" tab.

Please provide as much information as possible when filing an issue (please redact any sensitive information). We may ask you to create an Azure support request using the following process documented [here](https://learn.microsoft.com/azure/azure-portal/supportability/how-to-create-azure-support-request).

## Microsoft Support Policy

Support for this **PROJECT or PRODUCT** is limited to the resources listed above.
# Support

## General Questions

If you have questions you haven't been able to answer from the [Azure Policy documentation](https://docs.microsoft.com/azure/governance/policy), there are a few places that host discussions on Azure Policy:
- [Microsoft Tech Community](https://techcommunity.microsoft.com/)
- [Azure Governance conversation space](https://techcommunity.microsoft.com/t5/Azure-Governance/bd-p/AzureGovernance)
- Search or add to Azure Policy discussions on [StackOverflow](https://stackoverflow.com/questions/tagged/azure-policy+or+azure+policy)
- Additional information can be found in the [Azure Policy - Microsoft Q&A](https://learn.microsoft.com/answers/tags/228/azure-policy)
- If interested in authoring custom definitions, you can also leverage this [Azure/Community-Policy](https://github.com/Azure/Community-Policy) repository for contributing.

If you are encountering difficulties in implementing new policies that may be due to problems in Azure Policy itself, open a support ticket at [Azure Customer Support](https://azure.microsoft.com/support/create-ticket/).

## Built-in Definitions

The support for addressing built-in definition issues is handled by Azure Customer Support. Open a new [Azure Customer Support ticket](https://azure.microsoft.com/support/create-ticket/) if you believe a definition has a bug or error.

## Azure Policy Known Issues

Check here for a current list of [known issues](https://github.com/Azure/azure-policy/tree/master#known-issues) for Azure Policy.

## How to file issues and get help

This project uses GitHub Issues to track bugs and feature requests. Please search the existing
issues before filing new issues to avoid duplicates. For new issues, file your bug or
feature request as a new Issue.

Issues can be created and searched through under the "Issues" tab.

Please provide as much information as possible when filing an issue (please redact any sensitive information). We may ask you to create an Azure support request using the following process documented [here](https://learn.microsoft.com/azure/azure-portal/supportability/how-to-create-azure-support-request).

## Microsoft Support Policy

Support for this **PROJECT or PRODUCT** is limited to the resources listed above.
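Review bot: The closing line "Support for this **PROJECT or PRODUCT** is limited to the resources listed above." is still the unfilled template placeholder on both sides of this hunk; replace it with the project name. The old and new text shown here are identical line for line, which points to a whitespace or line-ending rewrite of the whole file. If that is the intent, state it in the commit message and consider a `.gitattributes` rule so the 34-line churn does not recur.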
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"version": "1.2.0",
"preview": false
},
"version": "1.2.0",
"version": "1.0.0",
"policyDefinitionGroups": [
{
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ACN_A2_1_A.AA_1_1",
Expand Down
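Review bot: The top-level `"version"` goes from "1.2.0" down to "1.0.0" here while the `"version": "1.2.0"` in the metadata block two lines above is left unchanged, so the file now carries two different version numbers. Align the two fields, or document why the top-level value is reset in a commit titled Release 2.0.0.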
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"version": "1.2.0",
"preview": false
},
"version": "1.2.0",
"version": "1.0.0",
"policyDefinitionGroups": [
{
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ACN_A2_2_PR.AC_2_3",
Expand Down
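Review bot: In this file the changed `"version"` line now reads "1.0.0" directly under a metadata block that still says "1.2.0". Anyone comparing a deployed copy against the repository will see the number go backwards; confirm the downgrade is intentional and update the metadata value to match if it is.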
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"version": "1.2.0",
"preview": false
},
"version": "1.2.0",
"version": "1.0.0",
"policyDefinitionGroups": [
{
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ACN_B2_1_QU.SE_2_1",
Expand Down
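Review bot: The version change at the `"version"` line leaves this initiative with "1.0.0" at the top level and "1.2.0" in metadata. If the two fields are meant to track different things, add a short note in the folder README explaining which one consumers should rely on; otherwise keep them equal.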
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"version": "1.2.0",
"preview": false
},
"version": "1.2.0",
"version": "1.0.0",
"policyDefinitionGroups": [
{
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ACN_B2_2_ID.GV_1_3",
Expand Down
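Review bot: This is another file where only the top-level `"version"` is edited to "1.0.0" and the metadata `"version": "1.2.0"` in the context above is untouched. Since the value is hand-edited per file, a check in CI that the two version fields agree would catch this kind of drift before release.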
Original file line number Diff line number Diff line change
@@ -1,4 +1,41 @@
# Italian National Cybersecurity Agency (ACN) Cloud Service Qualification - Policy Initiative
# Italian National Cybersecurity Agency (ACN) Cloud Service Qualification Custom Policy Initiative
<table>
<tr>
<th colspan='2' style='text-align:center'>Policy Initiative</th>
</tr>
<tr>
<td>Initiative A2 1 Ordinari</td>
<td>
<a href=https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fcloud-for-sovereignty-policy-portfolio%2Frefs%2Fheads%2Fmain%2Fcloud-for-sovereignty%2FARMTemplates%2FInitiative%20A2_1_Ordinari.json target=_blank>
<img src=https://aka.ms/deploytoazurebutton/>
</a>
</td>
</tr>
<tr>
<td>Initiative A2 2 Critici</td>
<td>
<a href=https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fcloud-for-sovereignty-policy-portfolio%2Frefs%2Fheads%2Fmain%2Fcloud-for-sovereignty%2FARMTemplates%2FInitiative%20A2_2_Critici.json target=_blank>
<img src=https://aka.ms/deploytoazurebutton/>
</a>
</td>
</tr>
<tr>
<td>Initiative B2 1 Ordinari</td>
<td>
<a href=https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fcloud-for-sovereignty-policy-portfolio%2Frefs%2Fheads%2Fmain%2Fcloud-for-sovereignty%2FARMTemplates%2FInitiative%20B2_1_Ordinari.json target=_blank>
<img src=https://aka.ms/deploytoazurebutton/>
</a>
</td>
</tr>
<tr>
<td>Initiative B2 2 Critici</td>
<td>
<a href=https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fcloud-for-sovereignty-policy-portfolio%2Frefs%2Fheads%2Fmain%2Fcloud-for-sovereignty%2FARMTemplates%2FInitiative%20B2_2_Critici.json target=_blank>
<img src=https://aka.ms/deploytoazurebutton/>
</a>
</td>
</tr>
</table>

In execution of the [Italian Cloud Strategy](https://www.acn.gov.it/en/strategia/strategia-cloud-italia), which contains the strategic guidelines for migration to the cloud of data and digital services of the Italian Public Administration, the National Cybersecurity Agency (ACN) issued a set of requirements for the [qualification of Cloud Services and Cloud Services Infrastructures](https://www.acn.gov.it/en/strategia/strategia-cloud-italia/qualificazione-cloud).
The policy initiatives and files contained in this repository are intended to serve as a starting point to map such requirements to an Azure implementation. Please note that these files are not intended to be final or comprehensive solutions, but rather a helpful resource to jumpstart your efforts.
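Review bot: The four Deploy to Azure links in the new table load their ARM templates from `refs/heads/main` on raw.githubusercontent.com, so the template a user deploys is whatever is on the branch at click time, not what was reviewed for this release; point the links at the release tag or a commit SHA instead. The `href`, `target` and `src` attribute values are also unquoted, `target=_blank` has no `rel="noopener"`, and the `<img>` elements have no `alt` text.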
Expand Down Expand Up @@ -38,7 +75,32 @@ The contents of this ACN Folder are:


<u>NOTE 2:</u> The ACN Policy Initiatives do not currently include required measures that could not be mapped to any Azure Policy. Addressing this gap with new policies may be the subject of a future update to the ACN Policy Initiatives.


The Deploy to Azure feature can be utilized to make this policy initiative available for your environment to then be assigned to a specific tenant or resource.

## Contributions

Changes can not be made to the policy initiative directly in this repo. If you find an issue, feel free to open a Pull Request with the proposed fix.

## Shared responsibility and customer responsibilities

To ensure your data is secure and your privacy controls are addressed, we recommend that you follow a set of best practices when deploying into Azure:

* [Azure security best practices and patterns](https://learn.microsoft.com/azure/security/fundamentals/best-practices-and-patterns)
* [Microsoft Services in Cybersecurity](https://learn.microsoft.com/azure/security/fundamentals/cyber-services)

Protecting your data also requires that all aspects of your security and compliance program include your cloud infrastructure and data.
The following guidance can help you to secure your deployment.

## Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
trademarks or logos is subject to and must follow
[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/legal/intellectualproperty/trademarks/usage/general).
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Any use of third-party trademarks or logos are subject to those third-party's policies.

## Microsoft Legal Notice

**Microsoft Legal Notice:** The Microsoft (MS) Cloud for Sovereignty Policy Portfolio (1) is not designed, intended, or made available as legal services, (2) is not intended to substitute for professional legal counsel or judgment, and (3) should not be used in place of consulting with a qualified professional legal professional for your specific needs. Microsoft makes no warranty that the Microsoft (MS) Cloud for Sovereignty Policy Portfolio is accurate, up-to-date, or complete. You are wholly responsible for ensuring your own compliance with all applicable laws and regulations.
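Review bot: In the added Contributions section, "Changes can not be made to the policy initiative directly in this repo" is followed immediately by an invitation to open a Pull Request with a fix, which reads as a contradiction; state who can change the initiative and how a PR is handled. Under "Shared responsibility and customer responsibilities", the sentence "The following guidance can help you to secure your deployment." comes after the links it refers to and nothing follows it, so move it above the list. The legal notice also has a duplicated word in "qualified professional legal professional".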
