Real-time Azure v2.0.0 CIS Benchmark assessments
Assess your security posture with automated Azure CIS v2.0.0 assessments that provide real-time dashboard updates and instant alerts.
Center for Internet Security (CIS) benchmarks for Azure are widely used by cloud teams as guidance to configure their Azure subscriptions securely. The latest iteration, Azure CIS v2.0.0, includes over 150 recommendations to evaluate your posture against best practices.
Turbot Guardrails now supports the Azure CIS v2.0.0 Benchmark. Use it to enable continuous monitoring of your cloud environment's security posture, and to ensure compliance with industry standards as resources are created and modified.
Go beyond CIS reporting with Guardrails
Traditional compliance assessments rely on periodic scans of your environment, which only give you a point-in-time view of your security posture. But the cloud is dynamic: resources change rapidly, and misconfigurations and security gaps can appear at any time.
Turbot Guardrails evaluates your Azure resources against the CIS v2.0.0 Benchmark in real time. As resources are created or modified, Guardrails instantly assesses them for compliance and provides a view of your security posture that's always current.
Key Features of Turbot Guardrails' CIS Benchmark controls:
- Instant Evaluation. As new Azure resources are created or modified, Guardrails immediately assesses them against the relevant CIS controls, providing instant feedback on your compliance status.
- Real-time Alerts. Stay informed about critical changes in your compliance posture with real-time alerts. Guardrails can send notifications to Slack, MS Teams, and email, so you and your team always know when benchmarks aren't green.
- Take action. By default, Guardrails will alert on misconfigurations. You can use Guardrails' quick actions to fix mistakes, and you can set continuous enforcement.
- Controlled Attestations. Some CIS controls are manual and require attestations. Track evidence of your reviews and set reminders to re-evaluate the control in the next audit period.
- Set Exceptions. Not all organizations require every CIS Benchmark recommendation. Set time-based exceptions to ignore recommendations per account or per resource when not applicable.
- Comprehensive Reporting. See an always up-to-date view of your compliance status, from sections of the benchmark to per-resource compliance, in the Guardrails console. Generate detailed reports, including CSV exports for easy sharing and analysis.
How to monitor Azure CIS v2.0.0 using Guardrails
Install the Azure CIS mods
To get started, install the @turbot/cis and the @turbot/azure-cisv2-0 mods.
Enable the Azure CIS Benchmark
Once installed, set the policy for Azure > CIS v2.0 to Check: All CIS Benchmarks.
Guardrails will immediately assess all applicable resources for compliance with Azure CIS Benchmark v2.0.0.
Assess your CIS adherence
See control status for each benchmark section.
In this example, 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled', we can see all the Azure Storage Accounts are reporting in ALARM and OK states.
In some cases you may need to suppress or ignore the control on a resource. With any Guardrails policy, you can set time-based exceptions for one or many resources.
In this case we set the policy to Skip the acmedemoaz2 bucket for 30 days. This bucket now shows it's in a skipped state and will be reassessed automatically after the expiration period.
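The logic behind control 3.01 and a time-boxed exception can be sketched as follows. This is an added example, not Guardrails' own code: it assumes storage account records in the shape returned by `az storage account list` (the `enableHttpsTrafficOnly` field), and the sample records, dates and the name `acmedemoaz1` are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `az storage account list` output.
# acmedemoaz2 and acmedemoaz3 are names from this page; acmedemoaz1 and all
# property values are made up for the example.
SAMPLE = json.loads("""[
  {"name": "acmedemoaz1", "enableHttpsTrafficOnly": true},
  {"name": "acmedemoaz2", "enableHttpsTrafficOnly": false},
  {"name": "acmedemoaz3"}
]""")


def evaluate_3_01(accounts, skips, now):
    """Return {account name: state} for CIS 3.01 (secure transfer required).

    skips maps an account name to the datetime at which its exception
    expires. An unexpired exception yields SKIPPED; otherwise the account
    is assessed on its current configuration.
    """
    states = {}
    for acct in accounts:
        expiry = skips.get(acct["name"])
        if expiry is not None and now < expiry:
            states[acct["name"]] = "SKIPPED"
        elif acct.get("enableHttpsTrafficOnly") is True:
            states[acct["name"]] = "OK"
        else:
            # Fail closed: a false or missing property is non-compliant.
            states[acct["name"]] = "ALARM"
    return states


def demo():
    """Assess the sample during and after a 30-day exception."""
    granted = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed date
    skips = {"acmedemoaz2": granted + timedelta(days=30)}
    during = evaluate_3_01(SAMPLE, skips, granted + timedelta(days=10))
    after = evaluate_3_01(SAMPLE, skips, granted + timedelta(days=31))
    return during, after


if __name__ == "__main__":
    for label, result in zip(("day 10", "day 31"), demo()):
        print(label, result)
```

Because the exception carries an expiry rather than a permanent flag, the account returns to ALARM on its own once the period ends unless the setting has been corrected in the meantime.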
Instant Azure CIS alerts
When creating or updating cloud resources, Guardrails instantly provides feedback on the state of the recommendation. In this example we created acmedemoaz3, which was instantly discovered and evaluated for CIS compliance.
Beyond alerts in the Turbot Guardrails console, you and your team members can subscribe to alerts via email, MS Teams or Slack.
Take action on your CIS alerts
Guardrails quick actions provide direct links to the Guardrails console where you can immediately apply fixes. This enables workflows that keep human approvers in the loop.
In Instant AWS CIS v3.0.0 Benchmark compliance, using AWS as the example, we show how you can go further by setting guardrails to continuously enforce CIS recommendations with no human intervention.
Level up your security posture with Guardrails
Elevate your compliance game with Turbot Guardrails and experience real-time adherence to the Azure CIS v2.0.0 Benchmark. With instant visibility into your security posture and flexible reporting options, Guardrails makes it easier and faster to address any deviations from best practices.
Turbot Guardrails also supports the latest CIS assessments for AWS and GCP. Try all the CIS Benchmarks, using the 14-day free trial, to gain instant feedback on your adherence to CIS recommendations.