Policy: Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts
This subsection covers security recommendations for Azure Storage Accounts. These recommendations include securing access keys, configuring network access controls, enabling identity and access management features, and implementing data protection measures.
Primary Policy
This policy is used with the following primary policy:
Related Policies
- 10.03.04 - Ensure 'Secure transfer required' is set to 'Enabled'
- 10.03.05 - Ensure 'Allow Azure services on trusted services list' is Enabled
- 10.03.06 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
- 10.03.07 - Ensure 'Minimum TLS version' is set to 'Version 1.2'
- 10.03.08 - Ensure 'Cross Tenant Replication' is not enabled
- 10.03.09 - Ensure 'Allow Blob Anonymous Access' is set to 'Disabled'
- 10.03.10 - Ensure Azure Resource Manager Delete locks are applied
- 10.03.11 - Ensure Azure Resource Manager ReadOnly locks are considered
- 10.03.12 - Ensure Redundancy is set to 'geo-redundant storage (GRS)' for critical accounts
- 10.03.01 - Secrets and Keys
- 10.03.02 - Networking
- 10.03.03 - Identity and Access Management
Policy Specification
| Schema Type | |
|---|---|
| Default | |
| Valid Values [YAML] | |
Category
Developers
- Category URI: tmod:@turbot/cis#/control/categories/cis
- Policy Type URI: tmod:@turbot/azure-cisv4-0#/policy/types/s1003
- CLI (Get Policy Type): turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/s1003"
- CLI (Get Policy Settings): turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/s1003"