@turbot/azure-cisv1

Release Notes

5.1.7 (2021-11-12)

Bug fixes

  • The Azure > CIS v1 > 2 Security Center > 2.01 Ensure that standard pricing tier is selected (Scored) control would sometimes incorrectly go into an error state if the pricing tier details were stored under Pricing.value in Turbot CMDB. This is now fixed.

5.1.6 (2021-06-08)

Bug fixes

  • We’ve made a few improvements in the GraphQL queries for various controls, policies, and actions. You won’t notice any difference, but things should run lighter and quicker than before.

5.1.5 (2020-12-04)

Bug fixes

  • The Azure > CIS v1 > 6 Networking > 6.05 Ensure that Network Watcher is 'Enabled' (Scored) control would incorrectly evaluate the regions where the Network Watcher was enabled. This is now fixed and the Azure > CIS v1 > 6 Networking > 6.05 Ensure that Network Watcher is 'Enabled' (Scored) control should now work correctly, as expected.

5.1.4 (2020-11-30)

Bug fixes

  • The Azure > CIS v1 > 6 Networking > 6.04 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' (Scored) control would remain in TBD state for all network security group flow logs upserted in Turbot. This is now fixed and the Azure > CIS v1 > 6 Networking > 6.04 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' (Scored) control will now work as expected.

5.1.3 (2020-10-07)

Bug fixes

  • The Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored) control would sometimes go into an error state if the web app was not using Python on a Linux/Windows platform. This issue has now been fixed.

5.1.2 (2020-09-09)

Bug fixes

  • The Azure > CIS v1 > 4 Database Services > 4.08 Ensure that Azure Active Directory Admin is configured (Scored) control would incorrectly remain in a TBD state even if the Active Directory Administrator was configured on the SQL server. This is now fixed and Azure > CIS v1 > 4 Database Services > 4.08 Ensure that Azure Active Directory Admin is configured (Scored) will work as expected.

Control Types

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest

Policy Types

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest

5.1.1 (2020-08-03)

Bug fixes

  • Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored) control and policy types were missing from the Turbot console. They have now been added.

Control Types

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest

Policy Types

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest

5.1.0 (2020-06-18)

Bug fixes

  • All controls and policies that targeted the Azure > Tenant resource type now target the Azure > Active Directory > Directory resource type. Updating these targets better represents what resources the controls check and allows for more accurate checks.

Control Types

Added

  • Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non-privileged users (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.03 Ensure that there are no guest users (Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest

Policy Types

Added

  • Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.01 Ensure that multi-factor authentication is enabled for all privileged users (Not Scored) > Attestation
  • Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non-privileged users (Not Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.02 Ensure that multi-factor authentication is enabled for all non-privileged users (Not Scored) > Attestation
  • Azure > CIS v1 > 1 Identity and Access Management > 1.03 Ensure that there are no guest users (Scored)
  • Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest

5.0.2 (2020-06-09)

Bug fixes

  • The Azure > CIS v1 > 6 Networking > 6.02 Ensure that SSH access is restricted from the internet (Scored) control checks that a network security group does not allow SSH access on port 22 from the Internet (0.0.0.0/0). This control was incorrectly moving to Alarm if it detected any inbound rule allowing port 22, not just inbound rules that allowed all traffic on port 22. This has been fixed and the control will now only move to Alarm if an inbound rule allows traffic on port 22 from all sources.

Control Types

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest

Policy Types

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest

5.0.1 (2020-05-06)

Bug fixes

  • The Azure > CIS v1 > 6 Networking > 6.01 Ensure that RDP access is restricted from the internet (Scored) control checks that a Network Security Group does not allow inbound RDP access on port 3389 from the Internet (0.0.0.0/0). This control was incorrectly moving to Alarm if it detected any inbound rule allowing port 3389, not just inbound rules that allowed all traffic on port 3389. This has been fixed and the control will move to OK if an inbound rule allows traffic on port 3389 from a restricted source address.
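
The rule evaluation that the 6.01 and 6.02 fixes describe, as an added example (not Turbot's control code): a rule raises Alarm only when it allows inbound traffic to the port from an unrestricted source. The rule dictionaries use Azure's securityRules property names; the function names and sample rules are constructed for illustration.

```python
# Added example, not Turbot's implementation. Rule dicts follow the Azure
# securityRules property names; rule priority ordering is not modelled.
OPEN_SOURCES = {"*", "internet", "any"}

def port_in_spec(port, spec):
    """True if port matches an NSG port spec: '*', '22' or '20-30'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposes_port(rule, port):
    """True only if the rule allows inbound TCP traffic to port from any source."""
    p = rule["properties"]
    if p["access"] != "Allow" or p["direction"] != "Inbound":
        return False
    if p["protocol"].lower() not in ("tcp", "*"):
        return False
    sources = [p.get("sourceAddressPrefix")] + p.get("sourceAddressPrefixes", [])
    ports = [p.get("destinationPortRange")] + p.get("destinationPortRanges", [])
    unrestricted = any(s.lower() in OPEN_SOURCES or s.endswith("/0")
                       for s in sources if s)
    return unrestricted and any(port_in_spec(port, r) for r in ports if r)

def control_state(rules, port):
    """'alarm' if any rule exposes the port to the internet, else 'ok'."""
    return "alarm" if any(exposes_port(r, port) for r in rules) else "ok"

def make_rule(source, ports, access="Allow"):
    """Build a constructed sample inbound TCP rule."""
    return {"properties": {"access": access, "direction": "Inbound",
                           "protocol": "Tcp", "sourceAddressPrefix": source,
                           "destinationPortRange": ports}}

# Constructed samples: SSH from one address range, and a port range open to all.
RESTRICTED_SSH = [make_rule("203.0.113.0/24", "22")]
OPEN_SSH = [make_rule("0.0.0.0/0", "20-30")]

if __name__ == "__main__":
    print(control_state(RESTRICTED_SSH, 22))  # the pre-fix false positive case
    print(control_state(OPEN_SSH, 22))
```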

Control Types

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest

Policy Types

Renamed

  • Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest to Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest to Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest