Policy: Azure > CIS v3.0 > 04 - Storage Accounts > 04.15 - Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'

Configures auditing against a CIS Benchmark item.

Level: 1

In some cases, Azure Storage sets the minimum TLS version to be version 1.0 by default. TLS 1.0 is a legacy version and has known vulnerabilities. This minimum TLS version can be configured to be later protocols such as TLS 1.2.

TLS 1.0 has known vulnerabilities and has been replaced by later versions of the TLS protocol. Continued use of this legacy protocol affects the security of data in transit.

Targets

This policy targets the following resource types:

Azure > Storage > Storage Account

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v3.0 > 04 - Storage Accounts

Controls

Setting this policy configures this control:

Azure > CIS v3.0 > 04 - Storage Accounts > 04.15 - Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v3.0 > 04 - Storage Accounts`
Valid Values [YAML]	`Per Azure > CIS v3.0 > 04 - Storage Accounts` `Skip` `Check: Benchmark`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v071404

Policy Type URI

tmod:@turbot/azure-cisv3-0#/policy/types/r0415

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv3-0#/policy/types/r0415") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/r0415'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/r0415'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv3-0#/policy/types/r0415"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv3-0#/policy/types/r0415"