Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading policies...

Policy: Azure > CIS v4.0 > 02 - Common Reference Recommendations

This section covers common reference recommendations for encryption and network policies on Azure resources.

Targets

This policy targets the following resource types:

  • Azure > Active Directory > Directory
  • Azure > Subscription
  • Azure > Tenant

Primary Policy

This policy is used with the following primary policy:

  • Azure > CIS v4.0

Related Policies

  • 02.01 - Secrets and Keys
  • 02.02 - Networking
  • Maximum Attestation Duration

Controls

Setting this policy configures these controls:

  • Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.01 - Secrets and Keys > 02.01.01 - Encryption Key Management > 02.01.01.01 - Microsoft Managed Keys (MMK) > 02.01.01.01.01 - Ensure Critical Data is Encrypted with Microsoft Managed Keys (MMK)
  • Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.01 - Secrets and Keys > 02.01.01 - Encryption Key Management > 02.01.01.02 - Customer Managed Keys (CMK) > 02.01.01.02.01 - Ensure Critical Data is Encrypted with Customer Managed Keys (CMK)
  • Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.02 - Networking > 02.02.01 - Virtual Networks (VNets) > 02.02.01.01 - Ensure public network access is Disabled
  • Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.02 - Networking > 02.02.01 - Virtual Networks (VNets) > 02.02.01.02 - Ensure Network Access Rules are set to Deny-by-default
  • Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.02 - Networking > 02.02.02 - Private Endpoints > 02.02.02.01 - Ensure Private Endpoints are used to access {service}
  • Azure > CIS v4.0 > 06 - Identity Services > 06.02 - Conditional Access > 06.02.01 - Ensure that 'trusted locations' are defined

Policy Specification

Schema Type
string
Default
Per Azure > CIS v4.0
Valid Values [YAML]
  • Per Azure > CIS v4.0

  • Skip

  • Check: All CIS Benchmarks except attestations

  • Check: All CIS Benchmarks
Examples [YAML]
  • Skip

Category

  • CIS

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/cis#/control/categories/cis
    • Policy Type URI
    • tmod:@turbot/azure-cisv4-0#/policy/types/s02
    • GraphQL
    • query policyType(id: "tmod:@turbot/azure-cisv4-0#/policy/types/s02") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/s02'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/s02'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/s02"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/s02"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
207
Resource Types
3,612
Policies
1,957
Controls
103
Quick Actions
114
IAM