Policy Packs
Azure CIS v2.0.0 - Section 3 - Storage Accounts

Policy Settings

The Azure CIS v2.0.0 - Section 3 - Storage Accounts policy pack has 18 policy settings:

| Policy | Setting | Note |
| --- | --- | --- |
| Azure > Storage > Storage Account > Access Keys > Rotation Reminder | Check: Enabled per Rotation Reminder > Days | Azure CIS v2.0.0 - Control: 3.3 |
| Azure > Storage > Storage Account > Access Keys > Rotation Reminder > Days | 90 | Azure CIS v2.0.0 - Control: 3.3 |
| Azure > Storage > Storage Account > Approved | Check: Approved | Azure CIS v2.0.0 - Control: 3.2 |
| Azure > Storage > Storage Account > Approved > Infrastructure Encryption | Approved if enabled | Azure CIS v2.0.0 - Control: 3.2 |
| Azure > Storage > Storage Account > Blob > Logging | Check: Per `Logging > *` | Azure CIS v2.0.0 - Control: 3.13 |
| Azure > Storage > Storage Account > Blob > Logging > Properties | - "Read" - "Write" - "Delete" | Azure CIS v2.0.0 - Control: 3.13 |
| Azure > Storage > Storage Account > Blob > Logging > Retention Days | 7 | Azure CIS v2.0.0 - Control: 3.13 |
| Azure > Storage > Storage Account > Blob Public Access | Check: Disabled | Azure CIS v2.0.0 - Control: 3.7 |
| Azure > Storage > Storage Account > Data Protection > Soft Delete | Check: Configured per `Soft Delete > *` policies | Azure CIS v2.0.0 - Control: 3.11 |
| Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs | Enabled | Azure CIS v2.0.0 - Control: 3.11 |
| Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs > Retention Days | 7 | Azure CIS v2.0.0 - Control: 3.11 |
| Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers | Enabled | Azure CIS v2.0.0 - Control: 3.11 |
| Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers > Retention Days | 7 | Azure CIS v2.0.0 - Control: 3.11 |
| Azure > Storage > Storage Account > Encryption in Transit | Check: Enabled | Azure CIS v2.0.0 - Control: 3.1 |
| Azure > Storage > Storage Account > Minimum TLS Version | Check: TLS 1.2 | Azure CIS v2.0.0 - Control: 3.15 |
| Azure > Storage > Storage Account > Queue > Logging | Check: Per Logging > Properties | Azure CIS v2.0.0 - Control: 3.5 |
| Azure > Storage > Storage Account > Queue > Logging > Properties | - "Read" - "Write" - "Delete" | Azure CIS v2.0.0 - Control: 3.5 |
| Azure > Storage > Storage Account > Queue > Logging > Properties > Retention Days | 7 | Azure CIS v2.0.0 - Control: 3.5 |