Control: Azure > CIS v5.0 > 9 - Storage Services > 9.03 - Storage Accounts > 9.03.10 - Ensure Azure Resource Manager ReadOnly locks are considered for Azure Storage Accounts
Configures auditing against a CIS Benchmark item.
Level: 2
While a Delete lock is useful to prevent accidental deletion, a Read-only lock can provide additional protection by preventing modifications to the storage account configuration. This is particularly valuable for mission-critical storage accounts where configuration changes could impact business operations.
This is a manual/attestation control. Consider using Read-only locks for mission-critical storage accounts where configuration changes should be controlled.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v5.0 > Maximum Attestation Duration
- Azure > CIS v5.0 > 9 - Storage Services > 9.03 - Storage Accounts > 9.03.10 - Ensure Azure Resource Manager ReadOnly locks are considered for Azure Storage Accounts > Attestation
- Azure > CIS v5.0
- Azure > CIS v5.0 > 9 - Storage Services > 9.03 - Storage Accounts > 9.03.10 - Ensure Azure Resource Manager ReadOnly locks are considered for Azure Storage Accounts
- Azure > CIS v5.0 > 9 - Storage Services
- Azure > CIS v5.0 > 9 - Storage Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv5-0#/control/types/r090310
- tmod:@turbot/cis#/control/categories/v0710
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r090310"
Get Controls
Control Type URI
Category URI
GraphQL
CLI