Mod: azure-cisv1-2
The azure-cisv1-2 mod consists of 67 policies and 38 controls.
Recommended Version
Version
5.0.0
Released On
Mar 05, 2021
Depends On
azure ^5.0.0
azure-activedirectory ^5.0.0
azure-aks ^5.0.0
azure-appservice ^5.0.0
azure-compute ^5.0.0
azure-iam ^5.0.0
azure-keyvault ^5.0.0
azure-monitor ^5.0.0
azure-mysql ^5.0.0
azure-network ^5.0.0
azure-networkwatcher ^5.0.0
azure-postgresql ^5.0.0
azure-provider ^5.0.0
azure-securitycenter ^5.0.0
azure-sql ^5.0.0
azure-storage ^5.0.0
cis ^5.0.0
turbot ^5.0.0
turbot-iam ^5.1.0
azure-activedirectory ^5.0.0
azure-aks ^5.0.0
azure-appservice ^5.0.0
azure-compute ^5.0.0
azure-iam ^5.0.0
azure-keyvault ^5.0.0
azure-monitor ^5.0.0
azure-mysql ^5.0.0
azure-network ^5.0.0
azure-networkwatcher ^5.0.0
azure-postgresql ^5.0.0
azure-provider ^5.0.0
azure-securitycenter ^5.0.0
azure-sql ^5.0.0
azure-storage ^5.0.0
cis ^5.0.0
turbot ^5.0.0
turbot-iam ^5.1.0
Controls
- Azure > CIS v1.2
- Azure > CIS v1.2 > 1 - Identity and Access Management
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.01 - Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.02 - Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.03 - Ensure guest users are reviewed on a monthly basis (Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.04 - Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.05 - Ensure that 'Number of methods required to reset' is set to '2' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.06 - Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.07 - Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.08 - Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.09 - Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.10 - Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.11 - Ensure that 'Users can register applications' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.12 - Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.13 - Ensure that 'Members can invite' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.14 - Ensure that 'Guests can invite' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.15 - Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.16 - Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.17 - Ensure that 'Users can create security groups' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.18 - Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.19 - Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.20 - Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.21 - Ensure that no custom subscription owner roles are created (Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.22 - Ensure Security Defaults is enabled on Azure Active Directory (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.23 - Ensure Custom Role is assigned for Administering Resource Locks (Not Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.01 - Ensure Virtual Machines are utilizing Managed Disks (Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.02 - Ensure that 'OS and Data' disks are encrypted with CMK (Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.03 - Ensure that 'Unattached disks' are encrypted with CMK (Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.04 - Ensure that only approved extensions are installed (Not Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.05 - Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.06 - Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.01 - Ensure that the expiration date is set on all keys (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.02 - Ensure that the expiration date is set on all secrets (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.03 - Ensure that Resource Locks are set for mission critical Azure resources (Not Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.04 - Ensure the key vault is recoverable (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.05 - Enable role-based access control (RBAC) within Azure Kubernetes Services (Scored)
Policies
- Azure > CIS v1.2
- Azure > CIS v1.2 > 1 - Identity and Access Management
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.01 - Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.01 - Ensure that multi-factor authentication is enabled for all privileged users (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.02 - Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.02 - Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.03 - Ensure guest users are reviewed on a monthly basis (Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.04 - Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.04 - Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.05 - Ensure that 'Number of methods required to reset' is set to '2' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.05 - Ensure that 'Number of methods required to reset' is set to '2' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.06 - Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.06 - Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.07 - Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.07 - Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.08 - Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.08 - Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.09 - Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.09 - Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.10 - Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.10 - Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.11 - Ensure that 'Users can register applications' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.11 - Ensure that 'Users can register applications' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.12 - Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.12 - Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.13 - Ensure that 'Members can invite' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.13 - Ensure that 'Members can invite' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.14 - Ensure that 'Guests can invite' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.14 - Ensure that 'Guests can invite' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.15 - Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.15 - Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.16 - Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.16 - Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.17 - Ensure that 'Users can create security groups' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.17 - Ensure that 'Users can create security groups' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.18 - Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.18 - Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.19 - Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.19 - Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.20 - Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.20 - Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.21 - Ensure that no custom subscription owner roles are created (Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.22 - Ensure Security Defaults is enabled on Azure Active Directory (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.22 - Ensure Security Defaults is enabled on Azure Active Directory (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.23 - Ensure Custom Role is assigned for Administering Resource Locks (Not Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.23 - Ensure Custom Role is assigned for Administering Resource Locks (Not Scored) > Attestation
- Azure > CIS v1.2 > 1 - Identity and Access Management > Maximum Attestation Duration
- Azure > CIS v1.2 > 7 - Virtual Machines
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.01 - Ensure Virtual Machines are utilizing Managed Disks (Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.02 - Ensure that 'OS and Data' disks are encrypted with CMK (Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.03 - Ensure that 'Unattached disks' are encrypted with CMK (Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.04 - Ensure that only approved extensions are installed (Not Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.04 - Ensure that only approved extensions are installed (Not Scored) > Attestation
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.05 - Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.05 - Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored) > Attestation
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.06 - Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
- Azure > CIS v1.2 > 7 - Virtual Machines > 7.06 - Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored) > Attestation
- Azure > CIS v1.2 > 7 - Virtual Machines > Maximum Attestation Duration
- Azure > CIS v1.2 > 8 - Other Security Considerations
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.01 - Ensure that the expiration date is set on all keys (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.02 - Ensure that the expiration date is set on all secrets (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.03 - Ensure that Resource Locks are set for mission critical Azure resources (Not Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.03 - Ensure that Resource Locks are set for mission critical Azure resources (Not Scored) > Attestation
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.04 - Ensure the key vault is recoverable (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.05 - Enable role-based access control (RBAC) within Azure Kubernetes Services (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > Maximum Attestation Duration
- Azure > CIS v1.2 > Maximum Attestation Duration