Policy: Azure > CIS v5.0 > 9 - Storage Services > 9.03 - Storage Accounts
This section covers security recommendations for Azure Storage Account configuration.
Storage accounts provide a unique namespace for Azure Storage data that is accessible from anywhere.
Primary Policy
This policy is used with the following primary policy:
Related Policies
- 9.03.04 - Ensure that 'Secure transfer required' is set to 'Enabled'
- 9.03.05 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
- 9.03.06 - Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'
- 9.03.07 - Ensure 'Cross Tenant Replication' is not enabled
- 9.03.08 - Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled'
- 9.03.09 - Ensure Azure Resource Manager Delete locks are applied to Azure Storage Accounts
- 9.03.10 - Ensure Azure Resource Manager ReadOnly locks are considered for Azure Storage Accounts
- 9.03.11 - Ensure Redundancy is set to 'geo-redundant storage (GRS)' on critical Azure Storage Accounts
- 9.03.01 - Secrets and Keys
- 9.03.02 - Networking
- 9.03.03 - Identity and Access Management
Policy Specification
| Schema Type | |
|---|---|
| Default | |
| Valid Values [YAML] | |
| Examples [YAML] | |
Category
Developers
- Category URI: tmod:@turbot/cis#/control/categories/cis
- Policy Type URI: tmod:@turbot/azure-cisv5-0#/policy/types/s0903
- Get Policy Type (CLI): turbot graphql policy-type --id "tmod:@turbot/azure-cisv5-0#/policy/types/s0903"
- Get Policy Settings (CLI): turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv5-0#/policy/types/s0903"