Skip to main content


Today we are pleased to announce the release of a new Azure Security and Compliance Blueprint for FFIEC Financial Services Regulated Workloads

The Azure Security and Compliance Blueprint Program provides automated solutions and guidance for rapid deployment of Azure services that meet specific regulatory requirements from weeks to a few hours. The new FFIEC Financial Services Regulated Workloads Blueprint gives you an automated solution that will help guide you in storing and managing sensitive financial information such as payment data in Azure. The FFIEC Financial Services Regulated Workloads Blueprint is designed to help customers meet compliance requirements outlined in the American Institute of Certified Public Accountants (AICPA) SOC 1 and SOC 2 standards, the Payment Card Industry Data Security Standard (PCI DSS) version 3.2, as well as the Federal Financial Institutions Examination Council (FFIEC), and Gramm-Leach-Bliley Act (GLBA).


Using the FFIEC Financial Services Regulated Workloads Blueprint, you can deploy and securely configure an Azure SQL Database, a web application protected by security services such as Azure App Service Environment (ASE), the Web Application Firewall (WAF), and Azure Security Center (ASC). Automated templates and reference architectures are provided to help you implement the technical controls required to achieve a trusted and more secure end to end compliant deployment.


The FFIEC Financial Services Regulated Workloads Blueprint also includes a new customer responsibility matrix using the FFIEC risk assessment tool. In addition, the Workbook included in the Blueprint provides customer actionable answers to controls across 19 control domains, and provides control alignment with compliance regimes including PCI DSS, FFIEC, GLBA, and SOC. 

  • Explore the solution at which includes links to the scripts and Azure Resource Manager templates.
  • Review the customer responsibility matrix to understand how security controls where implemented to help meet various requirements.
  • Watch the eight-minute video discussing the solution and describing the deployment process.

For any questions and to access to these documents, please e-mail

We welcome your comments and suggestions to help us continually improve your Azure Security and Compliance Blueprint Program experience.

  • Explore


    Let us know what you think of Azure and what you would like to see in the future.


    Provide feedback

  • Build your cloud computing and Azure skills with free courses by Microsoft Learn.


    Explore Azure learning