Control: Azure > CIS v1 > 3 Storage

Primary Policies

The following policies can be used to configure this control:

• 3 Storage > 3.01 Ensure that 'Secure transfer required' is set to 'Enabled' (Scored)
• 3 Storage > 3.02 Ensure that storage account access keys are periodically regenerated (Not Scored)
• 3 Storage > 3.02 Ensure that storage account access keys are periodically regenerated (Not Scored) > Attestation
• 3 Storage > 3.03 Ensure Storage logging is enabled for Queue service for read, write, and delete requests (Not Scored)
• 3 Storage > 3.04 Ensure that shared access signature tokens expire within an hour (Not Scored)
• 3 Storage > 3.04 Ensure that shared access signature tokens expire within an hour (Not Scored) > Attestation
• 3 Storage > 3.05 Ensure that shared access signature tokens are allowed only over https (Not Scored)
• 3 Storage > 3.05 Ensure that shared access signature tokens are allowed only over https (Not Scored) > Attestation
• 3 Storage > 3.06 Ensure that 'Public access level' is set to Private for blob containers (Scored)
• 3 Storage > 3.07 Ensure default network access rule for Storage Accounts is set to deny (Scored)
• 3 Storage > 3.08 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access (Not Scored)
• 3 Storage

Category

• CIS

In Your Workspace

• Controls by Resource report
• Controls by Control Type report

Developers

Control Type URI

tmod:@turbot/azure-cisv1#/control/types/s03

Category URI

tmod:@turbot/cis#/control/categories/cis

GraphQL

query controlType(id: "tmod:@turbot/azure-cisv1#/control/types/s03") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-cisv1#/control/types/s03'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv1#/control/types/s03"