Control: Azure > CIS v5.0 > 9 - Storage Services > 9.02 - Azure Blob Storage > 9.02.02 - Ensure that soft delete for containers on Azure Blob Storage storage accounts is Enabled
Configures auditing against a CIS Benchmark item.
Level: 1
Containers in Azure storage accounts may contain sensitive or personal data, such as ePHI or financial information. Data that is erroneously modified or deleted by an application or a user can lead to data loss or unavailability.
It is recommended that soft delete for containers be enabled on Azure storage accounts with blob storage to allow for the preservation and recovery of data when containers are deleted.
Containers can be deleted incorrectly. An attacker or malicious user may do this deliberately in order to cause disruption. Deleting a container results in immediate data loss. Enabling this configuration for Azure storage accounts ensures that even if containers are deleted from the storage account, the containers are recoverable for a specific period of time, which is defined in the "Retention policies," ranging from 7 to 365 days.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v5.0
- Azure > CIS v5.0 > 9 - Storage Services > 9.02 - Azure Blob Storage > 9.02.02 - Ensure that soft delete for containers on Azure Blob Storage storage accounts is Enabled
- Azure > CIS v5.0 > 9 - Storage Services
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv5-0#/control/types/r090202
- tmod:@turbot/cis#/control/categories/v071004
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r090202"
Get Controls