CIS Microsoft Azure Foundations v1.3.1 L1

Audit Details

Name: CIS Microsoft Azure Foundations v1.3.1 L1

Updated: 9/14/2022

Authority: CIS

Plugin: microsoft_azure

Revision: 1.5

Estimated Item Count: 66

File Details

Filename: CIS_Microsoft_Azure_Foundations_L1_v1.3.1.audit

Size: 259 kB

MD5: 5930d81dcde1e16ef6b6ebacc7322411
SHA256: 0f2248be5f46a5c9f8c12d4330ff791ede4b32ee3bc571fc46960ca0e4b249b0

Audit Items

Description / Categories
1.1 Ensure that multi-factor authentication is enabled for all privileged users

IDENTIFICATION AND AUTHENTICATION

1.3 Ensure guest users are reviewed on a monthly basis

ACCESS CONTROL

1.5 Ensure that 'Number of methods required to reset' is set to '2'

IDENTIFICATION AND AUTHENTICATION

1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' - 0

ACCESS CONTROL

1.7 Ensure that 'Notify users on password resets?' is set to 'Yes'

ACCESS CONTROL

1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes'

IDENTIFICATION AND AUTHENTICATION

1.22 Ensure Security Defaults is enabled on Azure Active Directory

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.11 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On'

RISK ASSESSMENT

2.12 Ensure any of the ASC Default policy setting is not set to 'Disabled' - Disabled

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.13 Ensure 'Additional email addresses' is configured with a security contact email

INCIDENT RESPONSE

2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'

INCIDENT RESPONSE

2.15 Ensure that 'All users with the following roles' is set to 'Owner'

INCIDENT RESPONSE

3.1 Ensure that 'Secure transfer required' is set to 'Enabled'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Ensure that storage account access keys are periodically regenerated

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

3.4 Ensure that shared access signature tokens expire within an hour

ACCESS CONTROL

3.5 Ensure that 'Public access level' is set to Private for blob containers

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure soft delete is enabled for Azure Storage

CONTINGENCY PLANNING

4.1.1 Ensure that 'Auditing' is set to 'On'

AUDIT AND ACCOUNTABILITY

4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days'

AUDIT AND ACCOUNTABILITY

4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY

4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY

4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY

4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY

4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY

4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Ensure that Azure Active Directory Admin is configured

ACCESS CONTROL

5.1.1 Ensure that a 'Diagnostics Setting' exists

AUDIT AND ACCOUNTABILITY

5.1.2 Ensure Diagnostic Setting captures appropriate categories

AUDIT AND ACCOUNTABILITY

5.1.3 Ensure the storage container storing the activity logs is not publicly accessible

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION

5.1.5 Ensure that logging for Azure KeyVault is 'Enabled'

AUDIT AND ACCOUNTABILITY

5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment

AUDIT AND ACCOUNTABILITY

5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment

AUDIT AND ACCOUNTABILITY

5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group

AUDIT AND ACCOUNTABILITY

5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group

AUDIT AND ACCOUNTABILITY

5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule

AUDIT AND ACCOUNTABILITY

5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule

AUDIT AND ACCOUNTABILITY

5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution

AUDIT AND ACCOUNTABILITY

5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution

AUDIT AND ACCOUNTABILITY

5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule - create/update

AUDIT AND ACCOUNTABILITY

5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule - delete

AUDIT AND ACCOUNTABILITY

5.3 Ensure that Diagnostic Logs are enabled for all services which support it.

AUDIT AND ACCOUNTABILITY

6.1 Ensure that RDP access is restricted from the internet

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure that SSH access is restricted from the internet

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP)

ACCESS CONTROL, MEDIA PROTECTION

6.5 Ensure that Network Watcher is 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

6.6 Ensure that UDP Services are restricted from the Internet

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION