1. Curated catalog
Each framework maps every control to Azure Policy definition IDs, Defender for Cloud categories, and evidence examples.
Frameworks
ComplianceIQ ships curated catalogs for financial, healthcare, and government standards across the Gulf and Africa. Every control is mapped to Azure Policy and Microsoft Defender for Cloud, then packaged as an initiative you can deploy in audit-only mode.
Lifecycle
From a curated control catalog to an audit-only Azure Policy initiative in four steps.
Each framework maps every control to Azure Policy definition IDs, Defender for Cloud categories, and evidence examples.
Upload a new framework and the AI agent maps its controls to the Microsoft Cloud Security Benchmark and Azure guidance.
Mappings become an Azure Policy set definition in the framework/ directory, with every GUID validated against live Azure data.
Initiatives deploy in DoNotEnforce mode and report compliance in Microsoft Defender for Cloud. No blocking, no surprises.
Catalog
Region-specific standards, each with a ready-made policy initiative.
The Saudi Central Bank (SAMA) Cyber Security Framework for regulated banks, insurers, and financial-market institutions.
Abu Dhabi's Healthcare Information and Cyber Security Standard (v2) governing protection of health-sector information systems and data.
Consolidated Saudi government cloud security controls spanning national cybersecurity and public-sector cloud requirements.
Saudi National Data Management Office standards covering data management and personal data protection across 15 control domains.
Saudi National Cybersecurity Authority Critical Systems Cybersecurity Controls (CSCC-1:2019) for critical national infrastructure.
South African government cloud security controls covering national digital-governance and public-sector data requirements.
Oman Government cloud security controls based on the Cyber Defense Centre (CDC) cloud security framework.
In practice
The framework/ directory holds deployable policy JSON for all seven frameworks, plus tooling to keep GUIDs accurate.
# Deploy all 7 initiatives to your Azure subscription
cd framework/
./DeployAllInitiatives.ps1 -TenantId <tenant-id> -SubscriptionId <subscription-id>
# Pre-flight: validate every policy GUID against live Azure data
python3 validate_guids.py
Audit-only by default. Initiatives are assigned in DoNotEnforce mode: they evaluate resources and report compliance state, but never block deployments or trigger auto-remediation. Safe for production subscriptions.
GUID validation built in. validate_guids.py checks every policy GUID against the full set of Azure built-in policies, and DeployAllInitiatives.ps1 runs it automatically as a pre-flight step before each deployment.
Monitored in Defender for Cloud. Once deployed, each initiative surfaces its compliance posture in Microsoft Defender for Cloud, ready for audit evidence and reporting.
Bring a PDF or control spreadsheet and let the AI agent do the mapping.