New Zealand Information Security Manual (NZISM) compliance guide
Microsoft is a leader in secure cloud computing for New Zealand (NZ) with the next generation of artificial intelligence-powered technologies, aligning with the NZ Government's Cloud First Policy.
For more information, see NZ Government Information Security and Privacy Considerations.
As part of the compliance requirements, the New Zealand Information Security Manual (NZISM) details processes and controls essential for the protection of all Government information and systems.
The NZISM is intended for use by New Zealand Government departments, agencies and organisations. Crown entities, local government and private sector organisations are also encouraged to use this manual.
To help New Zealand customers comply with the NZISM, Microsoft has developed Azure built-in policy initiative definitions that align to the NZISM. Key recommendations from NZISM, such as the use of multi-factor authentication (MFA), secure configuration of systems, and continuous monitoring of networks, can be enforced using tools such as Defender for Cloud. Essential 8 is also used by NZ. For more information on implementing Essential 8 in the Microsoft environment, see Microsoft Essential 8 guide.
By adopting solutions like Entra ID, Microsoft Defender for Endpoint, and continuous compliance offerings, organizations can ensure that they are meeting NZISM's standards for protecting sensitive information and responding to security incidents effectively.
Microsoft Azure supports use of compliance frameworks such as NZISM. These can be enabled in Defender for Cloud as a Regulatory Compliance Framework. These frameworks are updated periodically.
To learn how to install a framework such as the NZISM framework, see Regulatory Compliance in initiative definitions - Azure Policy.
Endpoint NZISM monitoring and continuous compliance
To review and maintain security policies and/or compliance baselines, Microsoft recommends using these guides with the objective of staying continually compliant, using Microsoft Purview Compliance Manager to prevent compliance drift.
Purview Compliance Manager Premium templates are available to assist from a monitoring, continuous assessment, and configuration drift/configuration management perspective.
Current NZ premium templates available are:
- New Zealand Privacy Act / 2020.
- New Zealand Public Records Act.
- New Zealand Reserve Bank BS11 Outsourcing Policy.
- New Zealand Telecommunications Information Privacy Code.
- New Zealand Health Data Retention Policy.
- New Zealand Health Information Privacy Code.
- New Zealand Health Information Security Framework (HISF).
- New Zealand Information Security Manual (NZISM).