Policy: Azure > CIS v4.0 > 02 - Common Reference Recommendations
This section covers common reference recommendations for encryption and network policies on Azure resources.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
Controls
Setting this policy configures these controls:
- Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.01 - Secrets and Keys > 02.01.01 - Encryption Key Management > 02.01.01.01 - Microsoft Managed Keys (MMK) > 02.01.01.01.01 - Ensure Critical Data is Encrypted with Microsoft Managed Keys (MMK)
- Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.01 - Secrets and Keys > 02.01.01 - Encryption Key Management > 02.01.01.02 - Customer Managed Keys (CMK) > 02.01.01.02.01 - Ensure Critical Data is Encrypted with Customer Managed Keys (CMK)
- Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.02 - Networking > 02.02.01 - Virtual Networks (VNets) > 02.02.01.01 - Ensure public network access is Disabled
- Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.02 - Networking > 02.02.01 - Virtual Networks (VNets) > 02.02.01.02 - Ensure Network Access Rules are set to Deny-by-default
- Azure > CIS v4.0 > 02 - Common Reference Recommendations > 02.02 - Networking > 02.02.02 - Private Endpoints > 02.02.02.01 - Ensure Private Endpoints are used to access {service}
- Azure > CIS v4.0 > 06 - Identity Services > 06.02 - Conditional Access > 06.02.01 - Ensure that 'trusted locations' are defined
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/cis
- tmod:@turbot/azure-cisv4-0#/policy/types/s02
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/s02"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/s02"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI