Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading policies...

Policy: Azure > CIS v1.2 > Maximum Attestation Duration

The maximum duration for CIS Attestations. Attestation policies can not be set further in the future than is specified here

Targets

This policy targets the following resource types:

  • Azure > Active Directory > Directory
  • Azure > Subscription
  • Azure > Tenant

Primary Policy

This policy is used with the following primary policy:

  • Azure > CIS v1.2

Controls

Setting this policy configures these controls:

  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.01 - Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.02 - Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.04 - Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.05 - Ensure that 'Number of methods required to reset' is set to '2' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.06 - Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.07 - Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.08 - Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.09 - Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.10 - Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.11 - Ensure that 'Users can register applications' is set to 'No' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.12 - Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.13 - Ensure that 'Members can invite' is set to 'No' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.14 - Ensure that 'Guests can invite' is set to 'No' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.15 - Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.16 - Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.17 - Ensure that 'Users can create security groups' is set to 'No' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.18 - Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.19 - Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.20 - Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.22 - Ensure Security Defaults is enabled on Azure Active Directory (Not Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.23 - Ensure Custom Role is assigned for Administering Resource Locks (Not Scored)
  • Azure > CIS v1.2 > 7 - Virtual Machines > 7.04 - Ensure that only approved extensions are installed (Not Scored)
  • Azure > CIS v1.2 > 7 - Virtual Machines > 7.05 - Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
  • Azure > CIS v1.2 > 7 - Virtual Machines > 7.06 - Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
  • Azure > CIS v1.2 > 8 - Other Security Considerations > 8.03 - Ensure that Resource Locks are set for mission critical Azure resources (Not Scored)

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip

  • 30 days

  • 60 days

  • 90 days

  • 1 year

  • 2 years

  • 3 years

Category

  • CIS

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/cis#/control/categories/cis
    • Policy Type URI
    • tmod:@turbot/azure-cisv1-2#/policy/types/attestation
    • GraphQL
    • query policyType(id: "tmod:@turbot/azure-cisv1-2#/policy/types/attestation") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv1-2#/policy/types/attestation'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv1-2#/policy/types/attestation'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/azure-cisv1-2#/policy/types/attestation"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv1-2#/policy/types/attestation"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
205
Resource Types
3,574
Policies
1,936
Controls
103
Quick Actions
114
IAM