Framework/Configurations/SVT/AzSKCfg/AzSKCfg.json

{
  "FeatureName": "AzSKCfg",
  "Reference": "aka.ms/azsktcp",
  "IsMaintenanceMode": false,
  "Controls": [
    {
      "ControlID": "Azure_AzSKCfg_Check_Presence_of_CA",
      "Description": "Continuous Assurance automation account must be present in the subscription",
      "Id": "AzSKCfg110",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "MethodName": "CheckifCAPresent",
      "Recommendation": "To install the Continuous Assurance automation account, run the command: Install-AzSKContinuousAssurance. For more details, please refer to https://github.com/azsk/DevOpsKit-docs/blob/master/04-Continous-Assurance/Readme.md#setting-up-continuous-assurance---step-by-step",
      "Tags": [
        "SDL",
        "TCP",
        "Automated",
        "AzSKCfgControl"
      ],
      "Enabled": true,
      "Rationale": "Presence of CA ensures that regular scan is happening for your cloud subscription and resources."
    },
    {
      "ControlID": "Azure_AzSKCfg_Check_Health_of_CA",
      "Description": "Continuous Assurance automation account must be in a healthy state",
      "Id": "AzSKCfg120",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "MethodName": "CheckHealthofCA",
      "Recommendation": "Run command: 'Get-AzSKContinuousAssurance -SubscriptionId <subId>'. Follow the recommendation given to bring CA to a healthy state.",
      "Tags": [
        "SDL",
        "TCP",
        "Automated",
        "GraphRead",
        "AzSKCfgControl"
      ],
      "Enabled": true,
      "Rationale": "Presence of CA ensures that regular scan is happening for your cloud subscription and resources."
    },
    {
      "ControlID": "Azure_AzSKCfg_Check_Presence_of_Latest_AzSK_Module",
      "Description": "AzSK scans must use latest version of the AzSK Module",
      "Id": "AzSKCfg130",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "MethodName": "CheckifLatestModulePresent",
      "Recommendation": "Re-run install command to get latest AzSK module",
      "Tags": [
        "SDL",
        "TCP",
        "Automated",
        "AzSKCfgControl"
      ],
      "Enabled": true,
      "Rationale": "With each release new security updates are being added. Using the latest AzSK module ensures that your cloud subscription and resources are scanned with the latest controls."
    }
 
  ]
}