Policy: Azure > CIS v5.0 > 9 - Storage Services > 9.01 - Azure Files

This section covers security recommendations for Azure Files.

Azure Files offers fully managed file shares in the cloud that are accessible via the Server Message Block (SMB) protocol.

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v5.0 > 9 - Storage Services

9.01.01 - Ensure soft delete for Azure File Shares is Enabled
9.01.02 - Ensure 'SMB protocol version' is set to 'SMB 3.1.1' or higher for SMB file shares
9.01.03 - Ensure 'SMB channel encryption' is set to 'AES-256-GCM' or higher for SMB file shares

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v5.0 > 09 - Storage Services`
Valid Values [YAML]	`Per Azure > CIS v5.0 > 09 - Storage Services` `Skip` `Check: All CIS Benchmarks except attestations` `Check: All CIS Benchmarks`
Examples [YAML]	`Skip`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/cis

Policy Type URI

tmod:@turbot/azure-cisv5-0#/policy/types/s0901

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv5-0#/policy/types/s0901") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv5-0#/policy/types/s0901'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv5-0#/policy/types/s0901'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv5-0#/policy/types/s0901"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv5-0#/policy/types/s0901"

Policy: Azure > CIS v5.0 > 9 - Storage Services > 9.01 - Azure Files

Primary Policy

Related Policies

Policy Specification

Category

In Your Workspace

Developers