Control: Azure > CIS v4.0 > 09 - Security Services > 09.03 - Key Vault > 09.03.10 - Ensure that Azure Key Vault Managed HSM is used when required
Configures auditing against a CIS Benchmark item.
Level: 2
Azure Key Vault Managed HSM is a fully managed, highly available, single-tenant cloud service that safeguards cryptographic keys using FIPS 140-2 Level 3 validated HSMs.
Note: This recommendation to use Managed HSM applies only to scenarios where specific regulatory and compliance requirements mandate the use of a dedicated hardware security module.
Managed HSM is a fully managed, highly available, single-tenant service that ensures FIPS 140-2 Level 3 compliance. It provides centralized key management, isolated access control, and private endpoints for secure access. Integrated with Azure services, it supports migration from Key Vault, ensures data residency, and offers monitoring and auditing for enhanced security.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 09 - Security Services > 09.03 - Key Vault > 09.03.10 - Ensure that Azure Key Vault Managed HSM is used when required
- Azure > CIS v4.0 > 09 - Security Services > 09.03 - Key Vault > 09.03.10 - Ensure that Azure Key Vault Managed HSM is used when required > Attestation
- Azure > CIS v4.0 > Maximum Attestation Duration
- Azure > CIS v4.0
- Azure > CIS v4.0 > 09 - Security Services
- Azure > CIS v4.0 > 09 - Security Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r090310
- tmod:@turbot/cis#/control/categories/v071401
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r090310"
Get Controls