@turbot/azure-cisv1
Recommended Version
Version: 5.1.7
Released On: Nov 12, 2021
Depends On
@turbot/azure ^5.0.0
@turbot/azure-activedirectory ^5.0.0
@turbot/azure-aks ^5.0.0
@turbot/azure-appservice ^5.0.0
@turbot/azure-compute ^5.0.0
@turbot/azure-iam ^5.0.0
@turbot/azure-keyvault ^5.0.0
@turbot/azure-monitor ^5.0.0
@turbot/azure-mysql ^5.0.0
@turbot/azure-network ^5.0.0
@turbot/azure-networkwatcher ^5.0.0
@turbot/azure-postgresql ^5.0.0
@turbot/azure-provider ^5.0.0
@turbot/azure-securitycenter ^5.0.0
@turbot/azure-sql ^5.0.0
@turbot/azure-storage ^5.0.0
@turbot/cis ^5.0.0
@turbot/turbot ^5.0.0
@turbot/turbot-iam ^5.1.0
Control Types
- Azure > CIS v1
- Azure > CIS v1 > 1 Identity and Access Management
- Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.03 Ensure that there are no guest users (Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.05 Ensure that 'Number of methods required to reset' is set to '2' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.06 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.07 Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.08 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.09 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.11 Ensure that 'Users can register applications' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.13 Ensure that 'Members can invite' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.14 Ensure that 'Guests can invite' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.16 Ensure that 'Self-service group management enabled' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.17 Ensure that 'Users can create security groups' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.21 Ensure that 'Enable "All Users" group' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)
- Azure > CIS v1 > 2 Security Center
- Azure > CIS v1 > 2 Security Center > 2.01 Ensure that standard pricing tier is selected (Scored)
- Azure > CIS v1 > 2 Security Center > 2.02 Ensure that "Automatic provisioning of monitoring agent" is set to "On" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.03 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.04 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.05 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.06 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.07 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.08 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.09 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.10 Ensure ASC Default policy setting "Monitor Vulnerability Assessment" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.13 Ensure ASC Default policy setting "Monitor Adaptive Application Whitelisting" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.16 Ensure that 'Security contact emails' is set (Scored)
- Azure > CIS v1 > 2 Security Center > 2.17 Ensure that security contact 'Phone number' is set (Scored)
- Azure > CIS v1 > 2 Security Center > 2.18 Ensure that 'Send email notification for high severity alerts' is set to 'On' (Scored)
- Azure > CIS v1 > 2 Security Center > 2.19 Ensure that 'Send email also to subscription owners' is set to 'On' (Scored)
- Azure > CIS v1 > 3 Storage
- Azure > CIS v1 > 3 Storage > 3.01 Ensure that 'Secure transfer required' is set to 'Enabled' (Scored)
- Azure > CIS v1 > 3 Storage > 3.02 Ensure that storage account access keys are periodically regenerated (Not Scored)
- Azure > CIS v1 > 3 Storage > 3.03 Ensure Storage logging is enabled for Queue service for read, write, and delete requests (Not Scored)
- Azure > CIS v1 > 3 Storage > 3.04 Ensure that shared access signature tokens expire within an hour (Not Scored)
- Azure > CIS v1 > 3 Storage > 3.05 Ensure that shared access signature tokens are allowed only over https (Not Scored)
- Azure > CIS v1 > 3 Storage > 3.06 Ensure that 'Public access level' is set to Private for blob containers (Scored)
- Azure > CIS v1 > 3 Storage > 3.07 Ensure default network access rule for Storage Accounts is set to deny (Scored)
- Azure > CIS v1 > 3 Storage > 3.08 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access (Not Scored)
- Azure > CIS v1 > 4 Database Services
- Azure > CIS v1 > 4 Database Services > 4.01 Ensure that 'Auditing' is set to 'On' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.02 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly (Scored)
- Azure > CIS v1 > 4 Database Services > 4.03 Ensure that 'Auditing' Retention is 'greater than 90 days' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.04 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.05 Ensure that 'Threat Detection types' is set to 'All' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.06 Ensure that 'Send alerts to' is set (Scored)
- Azure > CIS v1 > 4 Database Services > 4.07 Ensure that 'Email service and co-administrators' is 'Enabled' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.08 Ensure that Azure Active Directory Admin is configured (Scored)
- Azure > CIS v1 > 4 Database Services > 4.09 Ensure that 'Data encryption' is set to 'On' on a SQL Database (Scored)
- Azure > CIS v1 > 4 Database Services > 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) (Scored)
- Azure > CIS v1 > 4 Database Services > 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.1 Ensure that a Log Profile exists (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.2 Ensure that Activity Log Retention is set 365 days or greater (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.3 Ensure audit profile captures all the activities (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.4 Ensure the log profile captures activity logs for all regions including global (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy (Scored)
- Azure > CIS v1 > 6 Networking
- Azure > CIS v1 > 6 Networking > 6.01 Ensure that RDP access is restricted from the internet (Scored)
- Azure > CIS v1 > 6 Networking > 6.02 Ensure that SSH access is restricted from the internet (Scored)
- Azure > CIS v1 > 6 Networking > 6.03 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) (Scored)
- Azure > CIS v1 > 6 Networking > 6.04 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' (Scored)
- Azure > CIS v1 > 6 Networking > 6.05 Ensure that Network Watcher is 'Enabled' (Scored)
- Azure > CIS v1 > 7 Virtual Machines
- Azure > CIS v1 > 7 Virtual Machines > 7.01 Ensure that 'OS disk' are encrypted (Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.02 Ensure that 'Data disks' are encrypted (Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.03 Ensure that 'Unattached disks' are encrypted (Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.04 Ensure that only approved extensions are installed (Not Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.05 Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.06 Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
- Azure > CIS v1 > 8 Other Security Considerations
- Azure > CIS v1 > 8 Other Security Considerations > 8.01 Ensure that the expiration date is set on all keys (Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.02 Ensure that the expiration date is set on all secrets (Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.03 Ensure that Resource Locks are set for mission critical Azure resources (Not Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.04 Ensure the key vault is recoverable (Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.05 Enable role-based access control (RBAC) within Azure Kubernetes Services (Scored)
- Azure > CIS v1 > 9 Application Services
- Azure > CIS v1 > 9 Application Services > 9.01 Ensure App Service Authentication is set on Azure App Service (Scored)
- Azure > CIS v1 > 9 Application Services > 9.02 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service (Scored)
- Azure > CIS v1 > 9 Application Services > 9.03 Ensure web app is using the latest version of TLS encryption (Scored)
- Azure > CIS v1 > 9 Application Services > 9.04 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' (Scored)
- Azure > CIS v1 > 9 Application Services > 9.05 Ensure that Register with Azure Active Directory is enabled on App Service (Scored)
- Azure > CIS v1 > 9 Application Services > 9.06 Ensure that '.Net Framework' version is the latest, if used as a part of the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app (Not Scored)
Policy Types
- Azure > CIS v1
- Azure > CIS v1 > 1 Identity and Access Management
- Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.03 Ensure that there are no guest users (Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.05 Ensure that 'Number of methods required to reset' is set to '2' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.05 Ensure that 'Number of methods required to reset' is set to '2' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.06 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.06 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.07 Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.07 Ensure that 'Notify users on password resets?' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.08 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.08 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.09 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.09 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.11 Ensure that 'Users can register applications' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.11 Ensure that 'Users can register applications' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.13 Ensure that 'Members can invite' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.13 Ensure that 'Members can invite' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.14 Ensure that 'Guests can invite' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.14 Ensure that 'Guests can invite' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.16 Ensure that 'Self-service group management enabled' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.16 Ensure that 'Self-service group management enabled' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.17 Ensure that 'Users can create security groups' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.17 Ensure that 'Users can create security groups' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.18 Ensure that 'Users who can manage security groups' is set to 'None' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.21 Ensure that 'Enable "All Users" group' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.21 Ensure that 'Enable "All Users" group' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)
- Azure > CIS v1 > 2 Security Center
- Azure > CIS v1 > 2 Security Center > 2.01 Ensure that standard pricing tier is selected (Scored)
- Azure > CIS v1 > 2 Security Center > 2.02 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' (Scored)
- Azure > CIS v1 > 2 Security Center > 2.03 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.04 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.05 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.06 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.07 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.08 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.09 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.10 Ensure ASC Default policy setting "Monitor Vulnerability Assessment" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.13 Ensure ASC Default policy setting "Monitor Adaptive Application Whitelisting" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" (Scored)
- Azure > CIS v1 > 2 Security Center > 2.16 Ensure that 'Security contact emails' is set (Scored)
- Azure > CIS v1 > 2 Security Center > 2.17 Ensure that security contact 'Phone number' is set (Scored)
- Azure > CIS v1 > 2 Security Center > 2.18 Ensure that 'Send email notification for high severity alerts' is set to 'On' (Scored)
- Azure > CIS v1 > 2 Security Center > 2.19 Ensure that 'Send email also to subscription owners' is set to 'On' (Scored)
- Azure > CIS v1 > 3 Storage
- Azure > CIS v1 > 3 Storage > 3.01 Ensure that 'Secure transfer required' is set to 'Enabled' (Scored)
- Azure > CIS v1 > 3 Storage > 3.02 Ensure that storage account access keys are periodically regenerated (Not Scored)
- Azure > CIS v1 > 3 Storage > 3.02 Ensure that storage account access keys are periodically regenerated (Not Scored) > Attestation
- Azure > CIS v1 > 3 Storage > 3.03 Ensure Storage logging is enabled for Queue service for read, write, and delete requests (Not Scored)
- Azure > CIS v1 > 3 Storage > 3.04 Ensure that shared access signature tokens expire within an hour (Not Scored)
- Azure > CIS v1 > 3 Storage > 3.04 Ensure that shared access signature tokens expire within an hour (Not Scored) > Attestation
- Azure > CIS v1 > 3 Storage > 3.05 Ensure that shared access signature tokens are allowed only over https (Not Scored)
- Azure > CIS v1 > 3 Storage > 3.05 Ensure that shared access signature tokens are allowed only over https (Not Scored) > Attestation
- Azure > CIS v1 > 3 Storage > 3.06 Ensure that 'Public access level' is set to Private for blob containers (Scored)
- Azure > CIS v1 > 3 Storage > 3.07 Ensure default network access rule for Storage Accounts is set to deny (Scored)
- Azure > CIS v1 > 3 Storage > 3.08 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access (Not Scored)
- Azure > CIS v1 > 4 Database Services
- Azure > CIS v1 > 4 Database Services > 4.01 Ensure that 'Auditing' is set to 'On' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.02 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly (Scored)
- Azure > CIS v1 > 4 Database Services > 4.03 Ensure that 'Auditing' Retention is 'greater than 90 days' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.04 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.05 Ensure that 'Threat Detection types' is set to 'All' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.06 Ensure that 'Send alerts to' is set (Scored)
- Azure > CIS v1 > 4 Database Services > 4.07 Ensure that 'Email service and co-administrators' is 'Enabled' (Scored)
- Azure > CIS v1 > 4 Database Services > 4.08 Ensure that Azure Active Directory Admin is configured (Scored)
- Azure > CIS v1 > 4 Database Services > 4.09 Ensure that 'Data encryption' is set to 'On' on a SQL Database (Scored)
- Azure > CIS v1 > 4 Database Services > 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) (Scored)
- Azure > CIS v1 > 4 Database Services > 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 4 Database Services > 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.1 Ensure that a Log Profile exists (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.2 Ensure that Activity Log Retention is set 365 days or greater (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.3 Ensure audit profile captures all the activities (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.4 Ensure the log profile captures activity logs for all regions including global (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule (Scored)
- Azure > CIS v1 > 5 Logging and Monitoring > 5.2 Monitoring using Activity Log alerts > 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy (Scored)
- Azure > CIS v1 > 6 Networking
- Azure > CIS v1 > 6 Networking > 6.01 Ensure that RDP access is restricted from the internet (Scored)
- Azure > CIS v1 > 6 Networking > 6.02 Ensure that SSH access is restricted from the internet (Scored)
- Azure > CIS v1 > 6 Networking > 6.03 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) (Scored)
- Azure > CIS v1 > 6 Networking > 6.04 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' (Scored)
- Azure > CIS v1 > 6 Networking > 6.05 Ensure that Network Watcher is 'Enabled' (Scored)
- Azure > CIS v1 > 7 Virtual Machines
- Azure > CIS v1 > 7 Virtual Machines > 7.01 Ensure that 'OS disk' are encrypted (Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.02 Ensure that 'Data disks' are encrypted (Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.03 Ensure that 'Unattached disks' are encrypted (Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.04 Ensure that only approved extensions are installed (Not Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.04 Ensure that only approved extensions are installed (Not Scored) > Attestation
- Azure > CIS v1 > 7 Virtual Machines > 7.05 Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.05 Ensure that the latest OS Patches for all Virtual Machines are applied (Not Scored) > Attestation
- Azure > CIS v1 > 7 Virtual Machines > 7.06 Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored)
- Azure > CIS v1 > 7 Virtual Machines > 7.06 Ensure that the endpoint protection for all Virtual Machines is installed (Not Scored) > Attestation
- Azure > CIS v1 > 8 Other Security Considerations
- Azure > CIS v1 > 8 Other Security Considerations > 8.01 Ensure that the expiration date is set on all keys (Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.02 Ensure that the expiration date is set on all Secrets (Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.03 Ensure that Resource Locks are set for mission critical Azure resources (Not Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.03 Ensure that Resource Locks are set for mission critical Azure resources (Not Scored) > Attestation
- Azure > CIS v1 > 8 Other Security Considerations > 8.04 Ensure the key vault is recoverable (Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.05 Enable role-based access control (RBAC) within Azure Kubernetes Services (Scored)
- Azure > CIS v1 > 9 Application Services
- Azure > CIS v1 > 9 Application Services > 9.01 Ensure App Service Authentication is set on Azure App Service (Scored)
- Azure > CIS v1 > 9 Application Services > 9.02 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service (Scored)
- Azure > CIS v1 > 9 Application Services > 9.03 Ensure web app is using the latest version of TLS encryption (Scored)
- Azure > CIS v1 > 9 Application Services > 9.04 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' (Scored)
- Azure > CIS v1 > 9 Application Services > 9.05 Ensure that Register with Azure Active Directory is enabled on App Service (Scored)
- Azure > CIS v1 > 9 Application Services > 9.06 Ensure that '.Net Framework' version is the latest, if used as a part of the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > Maximum Attestation Duration
Release Notes
5.1.7 (2021-11-12)
Bug fixes
- The Azure > CIS v1 > 2 Security Center > 2.01 Ensure that standard pricing tier is selected (Scored) control would sometimes go into an error state incorrectly if the pricing tier details were stored under Pricing.value in Turbot CMDB. This is now fixed.
5.1.6 (2021-06-08)
Bug fixes
- We’ve made a few improvements in the GraphQL queries for various controls, policies, and actions. You won’t notice any difference, but things should run lighter and quicker than before.
5.1.5 (2020-12-04)
Bug fixes
- The Azure > CIS v1 > 6 Networking > 6.05 Ensure that Network Watcher is 'Enabled' (Scored) control would incorrectly evaluate the regions where the Network Watcher was enabled. This is now fixed and the Azure > CIS v1 > 6 Networking > 6.05 Ensure that Network Watcher is 'Enabled' (Scored) control should now work correctly, as expected.
5.1.4 (2020-11-30)
Bug fixes
- The Azure > CIS v1 > 6 Networking > 6.04 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' (Scored) control would remain in TBD state for all network security group flow logs upserted in Turbot. This is now fixed and the Azure > CIS v1 > 6 Networking > 6.04 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' (Scored) control will now work as expected.
5.1.3 (2020-10-07)
Bug fixes
- The Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored) control would sometimes go into an error state if the web app was not using Python on a Linux/Windows platform. This issue has now been fixed.
5.1.2 (2020-09-09)
Bug fixes
- The Azure > CIS v1 > 4 Database Services > 4.08 Ensure that Azure Active Directory Admin is configured (Scored) control would incorrectly remain in a TBD state even if the Active Directory Administrator was configured on the SQL server. This is now fixed and Azure > CIS v1 > 4 Database Services > 4.08 Ensure that Azure Active Directory Admin is configured (Scored) will work as expected.
Control Types
Renamed
- Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest
Policy Types
Renamed
- Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest
5.1.1 (2020-08-03)
Bug fixes
- The Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored) control and policy types were missing from the Turbot console. They have now been added.
Control Types
Renamed
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest
Policy Types
Renamed
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest
5.1.0 (2020-06-18)
Bug fixes
- All controls and policies that targeted the Azure > Tenant resource type now target the Azure > Active Directory > Directory resource type. Updating these targets better represents what resources the controls check and allows for more accurate checks.
Control Types
Added
- Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.03 Ensure that there are no guest users (Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)
Renamed
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest
Policy Types
Added
- Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non- privileged users (Not Scored) > Attestation
- Azure > CIS v1 > 1 Identity and Access Management > 1.03 Ensure that there are no guest users (Scored)
- Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)
Renamed
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest
5.0.2 (2020-06-09)
Bug fixes
- The Azure > CIS v1 > 6 Networking > 6.02 Ensure that SSH access is restricted from the internet (Scored) control checks that a network security group does not allow SSH access on port 22 from the Internet (0.0.0.0/0). This control was incorrectly moving to Alarm if it detected any inbound rule allowing port 22, not just rules that allowed traffic on port 22 from any source. This has been fixed and the control will now only move to Alarm if an inbound rule allows traffic on port 22 from any source.
Control Types
Renamed
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest
Policy Types
Renamed
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest
5.0.1 (2020-05-06)
Bug fixes
- The Azure > CIS v1 > 6 Networking > 6.01 Ensure that RDP access is restricted from the internet (Scored) control checks that a Network Security Group does not allow inbound RDP access on port 3389 from the Internet (0.0.0.0/0). This control was incorrectly moving to Alarm if it detected any inbound rule allowing port 3389, not just rules that allowed traffic on port 3389 from any source. This has been fixed and the control will move to OK if an inbound rule allows traffic on port 3389 from a restricted source address.
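The source-address test that the 5.0.1 (RDP) and 5.0.2 (SSH) fixes describe, shown beside the over-broad behaviour they replaced, as an added Python example; it is not Turbot's control code. It assumes flattened rule dicts that use Azure NSG security-rule property names, treats the listed wildcard values as "the Internet", and does not model rule priority or deny rules that shadow an allow.

```python
# Added example: not Turbot's implementation. Rule dicts use Azure NSG
# securityRule property names (flattened); the sample rules are constructed.
ANY_SOURCE = {"*", "0.0.0.0", "0.0.0.0/0", "internet", "any"}


def _values(rule, single, plural):
    """Collect a property that Azure stores as either a string or a list."""
    out = list(rule.get(plural) or [])
    if rule.get(single):
        out.append(rule[single])
    return out


def _covers_port(spec, port):
    """True if a port spec ('*', '22', '20-30') includes the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def _allows_port_inbound(rule, port):
    if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
        return False
    if rule.get("protocol", "*").lower() not in ("*", "tcp"):
        return False
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    return any(_covers_port(p, port) for p in ports)


def naive_alarm(rules, port):
    """The pre-fix behaviour: any inbound allow on the port raises an alarm."""
    return [r["name"] for r in rules if _allows_port_inbound(r, port)]


def internet_exposed(rules, port):
    """Corrected check: alarm only when the source is unrestricted."""
    hits = []
    for r in rules:
        sources = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        open_src = any(s.lower() in ANY_SOURCE or s.endswith("/0") for s in sources)
        if _allows_port_inbound(r, port) and open_src:
            hits.append(r["name"])
    return hits


SAMPLE_RULES = [  # constructed sample data
    {"name": "ssh-from-bastion", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "22"},
    {"name": "mgmt-from-anywhere", "direction": "Inbound", "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRanges": ["20-25", "3389"]},
    {"name": "rdp-deny-all", "direction": "Inbound", "access": "Deny", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
]
```

On the sample rules, `naive_alarm` flags the bastion-only SSH rule as well as the open one, while `internet_exposed` flags only the rule whose source is 0.0.0.0/0.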
Control Types
Renamed
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest
Policy Types
Renamed
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest