Control: Azure > CIS v5.0 > 8 - Security Services > 8.03 - Key Vault > 8.03.06 - Ensure that Role Based Access Control for Azure Key Vault is enabled
Configures auditing against a CIS Benchmark item.
Level: 2
The recommended way to access Key Vaults is to use the Azure Role-Based Access Control (RBAC) permissions model.
Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. It allows users to manage Key, Secret, and Certificate permissions. It provides one place to manage all permissions across all key vaults.
The new RBAC permissions model for Key Vaults enables a much finer grained access control for key vault secrets, keys, certificates, etc., than the vault access policy. This in turn will permit the use of privileged identity management over these roles, thus securing the key vaults with JIT Access management.
By default, Access control in Key Vaults is Vault Policy.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v5.0
- Azure > CIS v5.0 > 8 - Security Services > 8.03 - Key Vault > 8.03.06 - Ensure that Role Based Access Control for Azure Key Vault is enabled
- Azure > CIS v5.0 > 8 - Security Services
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv5-0#/control/types/r080306
- tmod:@turbot/cis#/control/categories/v071406
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r080306"
Get Controls