rules/rulesets/cis_azure_3.0.json
|
{
"about": "This ruleset contains a collection of rules for Azure based on CIS benchmark. The rules are used as a mechanism to evaluate the configuration of Azure resources and to determine whether controls within a standard are being adhered to. Rules are also divided into categories and subcategories according to the rule's type. This will ensures that Azure cloud will meet the industry standards.", "framework": { "name" : "CIS Microsoft Azure Foundations", "version" : "3.0.0" }, "rules": { "entra-security-defaults-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.1.1" } ] } ], "entra-iam-privileged-users-disabled-mfa.json": [ { "args": [ "aad-privileged-roles.json" ], "enabled": true, "level": "high", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.1.2" } ] } ], "entra-iam-users-disabled-mfa.json": [ { "enabled": true, "level": "high", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.1.3" } ] } ], "entra-users-remember-mfa-on-devices-disabled.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.1.4" } ] } ], "entra-trusted-location-enabled..json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.2.1" } ] } ], "entra-exclusionary-geograhic-cap-exists.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.2.2" } ] } ], "eid-exclusionary-device-code-flow-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.2.3" } ] } ], "eid-ensure-mfa-for-high-privileged-users-missing-cap.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.2.4" } ] } ], "eid-ensure-mfa-for-users-missing-cap.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.2.5" } ] } ], "eid-ensure-mfa-for-risky-signs-missing-cap.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.2.6" } ] } ], "eid-ensure-mfa-for-azure-management-missing-cap.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.2.7" } ] } ], "eid-ensure-mfa-admin-portals-missing-cap.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.2.8" } ] } ], "eid-non-admin-users-allowedto-create-tenants.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.3" } ] } ], "eid-ensure-guest-users-are-reviewed.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.4" } ] } ], "eid-sspr-reset-number-of-methods.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.5" } ] } ], "eid-account-lockout-threshold-policy.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.6" } ] } ], "eid-account-lockout-seconds-policy.json": [ { "enabled": true, "level": "info", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.7" } ] } ], "eid-custom-banned-password-list-disabled.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.8" } ] } ], "eid-sspr-number-of-days-mfa-reconfirm-days.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.9" } ] } ], "eid-sspr-notify-users-on-password-reset-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.10" } ] } ], "eid-sspr-notify-admin-other-admins-on-password-reset-disabled.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.11" } ] } ], "eid-users-can-consent-apps-data-access.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.12" } ] } ], "eid-users-can-consent-apps-data-access-trusted-publishers-disabled.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.13" } ] } ], "eid-users-can-register-apps-enabled.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.14" } ] } ], "eid-guest-object-restriction-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.15" } ] } ], "eid-guest-invite-restriction-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.16" } ] } ], "eid-restrict-users-entra-portal.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.17" } ] } ], "eid-user-ability-to access-group-features-disabled.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.18" } ] } ], "eid-users-can-create-security-groups.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.19" } ] } ], "eid-owners-can-manage-group-membership-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.20" } ] } ], "eid-users-can-create-m365-groups.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.21" } ] } ], "eid-register-or-joined-devices-require-mfa-settings.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.22" } ] } ], "azure-subscription-custom-role-excessive-permissions.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.23" } ] } ], "azure-subscription-missing-custom-lock-role.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.24" } ] } ], "azure-subscription-permit-no-one-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.25" } ] } ], "eid-iam-excessive-global-admins.json": [ { "args": [ 5 ], "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "2.26" } ] } ], "azure-automatic-vm-agent-provisioning-policy-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.1.1" } ] } ], "azure-defender-for-mcas-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.1.2" } ] } ], "azure-defender-missing-server-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.3.1" } ] } ], "azure-vulnerability-assessment-on-servers-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.3.2" } ] } ], "azure-endpoint-protection-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.3.3" } ] } ], "azure-agentless-scanning-for-machines-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.3.4" } ] } ], "azure-file-integrity-monitoring-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.3.5" } ] } ], "azure-defender-missing-container-registries-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.4.1" } ] } ], "azure-agentless-discovery-for-kubernetes-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.4.2" } ] } ], "azure-agentless-container-vulnerability-assessment-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.4.3" } ] } ], "azure-defender-missing-storageaccount-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.5.1" } ] } ], "azure-defender-missing-appservice-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.6.1" } ] } ], "azure-defender-missing-cosmodb-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.7.1" } ] } ], "azure-defender-missing-osrd-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.7.2" } ] } ], "azure-defender-missing-managed-sql-database-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.7.3" } ] } ], "azure-defender-missing-sql-server-on-machines-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.7.4" } ] } ], "azure-defender-missing-keyvault-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.8.1" } ] } ], "azure-defender-missing-resource-manager-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.9.1" } ] } ], "azure-defender-recommendation-apply-system-updates-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.10" } ] } ], "azure-cloud-security-benchmark-policies-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.11" } ] } ], "azure-security-contact-send-email-to-owners-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.12" } ] } ], "azure-security-contact-additional-email-not-configured.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.13" } ] } ], "azure-security-contact-send-email-high-alerts-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.14" } ] } ], "azure-defender-easm-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.15" } ] } ], "azure-defender-missing-dns-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.1.16" } ] } ], "azure-defender-missing-iot-protection.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.2.1" } ] } ], "azure-expiration-date-for-all-keys-in-rbac-keyvault-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.3.1" } ] } ], "azure-expiration-date-for-all-keys-in-non-rbac-keyvault-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.3.2" } ] } ], "azure-expiration-date-for-all-secrets-in-rbac-keyvault-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.3.3" } ] } ], "azure-expiration-date-for-all-secrets-in-non-rbac-keyvault-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.3.4" } ] } ], "azure-keyvault-recoverable.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.3.5" } ] } ], "azure-keyvault-rbac-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.3.6" } ] } ], "azure-keyvault-private-endpoint-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.3.7" } ] } ], "azure-keyvault-automatic-key-rotation-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "3.3.8" } ] } ], "azure-storage-accounts-secure-transfer-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.1" } ] } ], "azure-storage-accounts-infrastructure-encryption-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.2" } ] } ], "azure-storage-accounts-key-rotation-reminder-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.3" } ] } ], "azure-storage-accounts-access-key-rotation-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.4" } ] } ], "azure-storage-account-shared-access-signature-tokens-expiration.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.5" } ] } ], "azure-storage-accounts-public-network-access-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.6" } ] } ], "azure-storage-account-default-network-access-rule-allow.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.7" } ] } ], "azure-storage-accounts-trusted-ms-services-bypass.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.8" } ] } ], "azure-storage-account-private-endpoints-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.9" } ] } ], "azure-storage-accounts-soft-delete-for-containers-and-blob-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.10" } ] } ], "azure-storage-accounts-lack-cmk.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.11" } ] } ], "azure-storage-accounts-queue-storage-logging-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.12" } ] } ], "azure-storage-account-logging-disabled-for-blob-service.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.13" } ] } ], "azure-storage-account-logging-disabled-for-table-service.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.14" } ] } ], "azure-storage-accounts-minimum-tls-not-configured.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.15" } ] } ], "azure-storage-account-cross-tenant-replication-not-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.16" } ] } ], "azure-storage-account-blob-anonymous-access-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "4.17" } ] } ], "azure-sql-server-auditing-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.1.1" } ] } ], "azure-sql-fw-allow-all.json": [ { "args": [ "SQL", "0.0.0.0", "255.255.255.255", "A custom rule was set up with StartIp of 0.0.0.0 and EndIP of 255.255.255.255 allowing access from ANY IP over the Internet", "3.0.0", "5.1.2", "Level 1" ], "enabled": true, "level": "medium" }, { "args": [ "SQL", "0.0.0.0", "0.0.0.0", "By default, for a SQL server, a Firewall exists with StartIp of 0.0.0.0 and EndIP of 0.0.0.0 allowing access to all the Azure services", "3.0.0", "5.1.2", "Level 1" ], "enabled": true, "level": "medium" } ], "azure-sql-server-tde-protector-lack-cmk-encryption.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.1.3" } ] } ], "azure-sql-server-entra-id-auth-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.1.4" } ] } ], "azure-sql-database-data-encryption-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.1.5" } ] } ], "azure-sql-server-auditing-retention.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.1.6" } ] } ], "azure-sql-server-public-network-access-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.1.7" } ] } ], "azure-postgresql-secure-transport-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.2.1" } ] } ], "azure-postgresql-log-checkpoints-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.2.2" } ] } ], "azure-postgresql-connection-throttling-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.2.3" } ] } ], "azure-postgresql-log-low-retention-days.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.2.4" } ] } ], "azure-postgresql-allow-access-azure-services-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.2.5" } ] } ], "azure-postgresql-log-connections-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.2.6" } ] } ], "azure-postgresql-log-disconnections-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.2.7" } ] } ], "azure-postgresql-infrastructure-double-encryption-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.2.8" } ] } ], "azure-mysql-secure-transport-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.3.1" } ] } ], "azure-mysql-latest-tls-version-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.3.2" } ] } ], "azure-mysql-audit-log-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.3.3" } ] } ], "azure-mysql-audit-log-connection-events-parameter-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.3.4" } ] } ], "azure-cosmosdb-all-networks-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.4.1" } ] } ], "azure-cosmosdb-private-endpoints-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.4.2" } ] } ], "azure-cosmosdb-entraid-authentication-and-rbac-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "5.4.3" } ] } ], "azure-diagnostic-settings-for-subscription-not-configured.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "6.1.1" } ] } ], "azure-diagnostic-settings-for-subscription-missing-categories.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "6.1.2" } ] } ], "azure-activity-logs-storage-account-missing-cmk.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "6.1.3" } ] } ], "azure-keyvault-logging-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "6.1.4" } ] } ], "azure-network-security-group-flow-logs-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "6.1.5" } ] } ], "azure-app-services-logging-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "6.1.6" } ] } ], "azure-activity-log-missing-alerts.json": [ { "args": [ "Create Policy Assignment", "Microsoft.Authorization/policyAssignments/write", "", "3.0.0", "6.2.1", "Monitoring for create policy assignment events gives insight into changes done in 'azure policy - assignments' and may reduce the time it takes to detect unsolicited changes." ], "enabled": true, "level": "medium" }, { "args": [ "Delete Policy Assignment", "Microsoft.Authorization/policyAssignments/delete", "", "3.0.0", "6.2.2", "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and may reduce the time it takes to detect unsolicited changes." ], "enabled": true, "level": "medium" }, { "args": [ "Create or Update Network Security Group", "Microsoft.Network/networkSecurityGroups/write", "", "3.0.0", "6.2.3", "Monitoring for 'Create' or 'Update Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity." ], "enabled": true, "level": "medium" }, { "args": [ "Delete Network Security Group", "Microsoft.Network/networkSecurityGroups/delete", "", "3.0.0", "6.2.4", "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity." ], "enabled": true, "level": "medium" }, { "args": [ "Create or Update Security Solution", "Microsoft.Security/securitySolutions/write", "", "3.0.0", "6.2.5", "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity." ], "enabled": true, "level": "medium" }, { "args": [ "Delete Security Solution", "Microsoft.Security/securitySolutions/delete", "", "3.0.0", "6.2.6", "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity." ], "enabled": true, "level": "medium" }, { "args": [ "Create or Update SQL Server Firewall Rule", "Microsoft.Sql/servers/firewallRules/write", "", "3.0.0", "6.2.7", "Monitoring for Create or Update or Delete SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity." ], "enabled": true, "level": "medium" }, { "args": [ "Delete SQL Server Firewall Rule", "Microsoft.Sql/servers/firewallRules/delete", "", "3.0.0", "6.2.8", "Monitoring for Delete SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity." ], "enabled": true, "level": "medium" }, { "args": [ "Create or Update Public IP Addresses rule", "Microsoft.Network/publicIPAddresses/write", "", "3.0.0", "6.2.9", "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity." ], "enabled": true, "level": "medium" }, { "args": [ "Delete Public IP Addresses rule", "Microsoft.Network/publicIPAddresses/delete", "", "3.0.0", "6.2.10", "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity." ], "enabled": true, "level": "medium" } ], "azure-application-insights-not-configured.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "6.3.1" } ] } ], "azure-monitor-resource-logging-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "6.4" } ] } ], "azure-sku-basic-detected.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "6.5" } ] } ], "azure-nsg-tcp-ports-open.json": [ { "args": [ "RDP", "3389", "Disable RDP access on network security groups from the Internet.", "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure", "3.0.0", "7.1", "" ], "enabled": true, "level": "medium" }, { "args": [ "FTP", "21", "Disable FTP access on network security groups from the Internet.", "The potential security problem with using FTP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure", "", "", "monkey365 rule" ], "enabled": true, "level": "medium" }, { "args": [ "SSH", "22", "Disable SSH access on network security groups from the Internet.", "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure", "3.0.0", "7.2", "" ], "enabled": true, "level": "medium" }, { "args": [ "TELNET", "23", "Disable Telnet access on network security groups from the Internet.", "The potential security problem with using TELNET over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure", "", "", "monkey365 rule" ], "enabled": true, "level": "medium" }, { "args": [ "SQL", "1433", "Disable SQL access on network security groups from the Internet.", "The potential security problem with using SQL over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure", "", "", "monkey365 rule" ], "enabled": true, "level": "medium" } ], "azure-nsg-udp-ports-open.json": [ { "args": [ "DNS", "53", "Disable DNS access on network security groups from the Internet.", "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification source for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", "3.0.0", "7.3", "" ], "enabled": true, "level": "medium" }, { "args": [ "NTP", "123", "Disable NTP access on network security groups from the Internet.", "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification source for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", "3.0.0", "7.3", "" ], "enabled": true, "level": "medium" }, { "args": [ "SNMP", "161", "Disable SNMP access on network security groups from the Internet.", "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification source for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", "3.0.0", "7.3", "" ], "enabled": true, "level": "medium" }, { "args": [ "LDAP", "389", "Disable LDAP access on network security groups from the Internet.", "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification source for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", "3.0.0", "7.3", "" ], "enabled": true, "level": "medium" }, { "args": [ "UPnP/SSDP", "1900", "Disable UPnP/SSDP access on network security groups from the Internet.", "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification source for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", "3.0.0", "7.3", "" ], "enabled": true, "level": "medium" } ], "azure-network-watcher-flow-log-retention.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "7.5" } ] } ], "azure-network-watcher-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "7.6" } ] } ], "azure-unassigned-public-ip-address.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "7.7" } ] } ], "azure-bastion-hosts-not-present.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.1" } ] } ], "azure-os-managed-disk-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.2" } ] } ], "azure-vm-os-data-cmk-encryption-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.3" } ] } ], "azure-unattached-disk-cmk-encryption-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.4" } ] } ], "azure-disk-network-access-allow-public-access.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.5" } ] } ], "azure-data-access-authentication-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.6" } ] } ], "azure-vm-approved-extensions.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.7" } ] } ], "azure-vm-endpoint-protection-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.8" } ] } ], "azure-os-disk-encryption-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.9" } ] } ], "azure-identities-with-access-to-privileged-vm-lacking-mfa.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.10" } ] } ], "azure-vm-trusted-launch-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "8.11" } ] } ], "azure-app-services-https-only-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.1" } ] } ], "azure-app-services-auth-disabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.2" } ] } ], "azure-app-services-ftp-deployment-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.3" } ] } ], "azure-app-services-latest-tls-version-missing.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.4" } ] } ], "azure-app-services-eid-managed-identity-missing.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.5" } ] } ], "azure-app-service-basic-auth-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.6" } ] } ], "azure-app-services-latest-php-version-missing.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.7" } ] } ], "azure-app-services-latest-python-version-missing.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.8" } ] } ], "azure-app-services-latest-java-version-missing.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.9" } ] } ], "azure-app-services-latest-http-version-disabled.json": [ { "enabled": true, "level": "low", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "3.0.0", "reference": "9.10" } ] } ], "azure-app-service-lack-keyvault-secret.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "2.0.0", "reference": "9.11" } ] } ], "azure-app-service-remote-debugging-enabled.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "2.0.0", "reference": "9.12" } ] } ], "azure-subscription-missing-resource-locks.json": [ { "enabled": true, "level": "medium", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "2.0.0", "reference": "10.1" } ] } ] } } |