Policy: Azure > CIS v4.0 > 09 - Security Services > 09.03 - Key Vault
Covers security recommendations to follow for the configuration and use of Azure Key Vault.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
- 09.03.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
- 09.03.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
- 09.03.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
- 09.03.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
- 09.03.05 - Ensure the Key Vault is Recoverable
- 09.03.06 - Ensure that Role Based Access Control for Azure Key Vault is enabled
- 09.03.07 - Ensure that Public Network Access when using Private Endpoint is disabled
- 09.03.08 - Ensure that Private Endpoints are Used for Azure Key Vault
- 09.03.09 - Ensure automatic key rotation is enabled within Azure Key Vault
- 09.03.10 - Ensure that Azure Key Vault Managed HSM is used when required
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/cis
- tmod:@turbot/azure-cisv4-0#/policy/types/s0903
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/s0903"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/s0903"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI