Control: Azure > CIS v5.0 > 9 - Storage Services > 9.03 - Storage Accounts > 9.03.09 - Ensure Azure Resource Manager Delete locks are applied to Azure Storage Accounts
Configures auditing against a CIS Benchmark item.
Level: 1
Resource locks are a free feature that can be applied to Storage Accounts to prevent accidental deletion or modification. To apply a resource lock, the user must have access to the Owner or User Access Administrator role.
Resource Locks have two configuration options - Delete and Read-only. Delete will prevent the deletion of the resource, but will not prevent modifications. Read-only will prevent both deletion and modification.
This is a manual/attestation control. Verify that mission-critical storage accounts have resource locks applied.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v5.0 > Maximum Attestation Duration
- Azure > CIS v5.0 > 9 - Storage Services > 9.03 - Storage Accounts > 9.03.09 - Ensure Azure Resource Manager Delete locks are applied to Azure Storage Accounts > Attestation
- Azure > CIS v5.0
- Azure > CIS v5.0 > 9 - Storage Services > 9.03 - Storage Accounts > 9.03.09 - Ensure Azure Resource Manager Delete locks are applied to Azure Storage Accounts
- Azure > CIS v5.0 > 9 - Storage Services
- Azure > CIS v5.0 > 9 - Storage Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv5-0#/control/types/r090309
- tmod:@turbot/cis#/control/categories/v0710
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r090309"
Get Controls
Control Type URI
Category URI
GraphQL
CLI