Policy: Azure > CIS v5.0 > 7 - Networking Services > 7.16 - Ensure Azure Network Security Perimeter is used to secure Azure platform-as-a-service resources

Configures auditing against a CIS Benchmark item.

Level: 2

Ensure that Network Security Perimeter (NSP) is used to secure compatible PaaS services.

Network Security Perimeter provides network isolation for PaaS services without requiring virtual network injection. NSP allows you to define a logical network boundary around PaaS resources, controlling inbound and outbound network access with access rules. This provides defense-in-depth and reduces the attack surface of PaaS services.

Targets

This policy targets the following resource types:

Azure > Subscription

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v5.0 > 7 - Networking Services

Attestation

Controls

Setting this policy configures this control:

Azure > CIS v5.0 > 7 - Networking Services > 7.16 - Ensure Azure Network Security Perimeter is used to secure Azure platform-as-a-service resources

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v5.0 > 07 - Networking Services`
Valid Values [YAML]	`Per Azure > CIS v5.0 > 07 - Networking Services` `Skip` `Check: Benchmark using attestation`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v070904

Policy Type URI

tmod:@turbot/azure-cisv5-0#/policy/types/r0716

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv5-0#/policy/types/r0716") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv5-0#/policy/types/r0716'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv5-0#/policy/types/r0716'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv5-0#/policy/types/r0716"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv5-0#/policy/types/r0716"