Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading policies...

Policy: Azure > CIS v1 > Maximum Attestation Duration

The maximum duration for CIS Attestations. Attestation policies can not be set further in the future than is specified here

Targets

This policy targets the following resource types:

  • Azure > Active Directory > Directory
  • Azure > Subscription
  • Azure > Tenant

Primary Policy

This policy is used with the following primary policy:

  • Azure > CIS v1

Controls

Setting this policy configures these controls:

  • Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.05 Ensure that 'Number of methods required to reset' is set to '2' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.06 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.07 Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.08 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.09 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.11 Ensure that 'Users can register applications' is set to 'No' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.13 Ensure that 'Members can invite' is set to 'No' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.14 Ensure that 'Guests can invite' is set to 'No' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.16 Ensure that 'Self-service group management enabled' is set to 'No' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.17 Ensure that 'Users can create security groups' is set to 'No' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.21 Ensure that 'Enable "All Users" group' is set to 'Yes' (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored)
  • Azure > CIS v1 > 3 Storage > 3.02 Ensure that storage account access keys are periodically regenerated (Not Scored)
  • Azure > CIS v1 > 3 Storage > 3.04 Ensure that shared access signature tokens expire within an hour (Not Scored)
  • Azure > CIS v1 > 3 Storage > 3.05 Ensure that shared access signature tokens are allowed only over https (Not Scored)
  • Azure > CIS v1 > 7 Virtual Machines > 7.04 Ensure that only approved extensions are installed (Not Scored)
  • Azure > CIS v1 > 7 Virtual Machines > 7.05 Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
  • Azure > CIS v1 > 7 Virtual Machines > 7.06 Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
  • Azure > CIS v1 > 8 Other Security Considerations > 8.03 Ensure that Resource Locks are set for mission critical Azure resources (Not Scored)

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip

  • 30 days

  • 60 days

  • 90 days

  • 1 year

  • 2 years

  • 3 years

Category

  • CIS

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/cis#/control/categories/cis
    • Policy Type URI
    • tmod:@turbot/azure-cisv1#/policy/types/attestation
    • GraphQL
    • query policyType(id: "tmod:@turbot/azure-cisv1#/policy/types/attestation") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv1#/policy/types/attestation'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv1#/policy/types/attestation'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/azure-cisv1#/policy/types/attestation"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv1#/policy/types/attestation"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
204
Resource Types
3,575
Policies
1,941
Controls
103
Quick Actions
111
IAM