CIS Microsoft Azure Foundations v1.5.0 L1

Audit Details

Name: CIS Microsoft Azure Foundations v1.5.0 L1

Updated: 1/4/2023

Authority: CIS

Plugin: microsoft_azure

Revision: 1.0

Estimated Item Count: 89

File Details

Filename: CIS_Microsoft_Azure_Foundations_v1.5.0_L1.audit

Size: 373 kB

MD5: d7a6a950731ab4ac515d8559930785db
SHA256: 630ada1a089aa7ae595ee57c6f95d99468d482d05c1f7f8f703d6b042a71970d

Audit Items

Description

Categories

1.1.1 Ensure Security Defaults is enabled on Azure Active Directory

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users

IDENTIFICATION AND AUTHENTICATION

1.1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled

IDENTIFICATION AND AUTHENTICATION

1.2.1 Ensure Trusted Locations Are Defined

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.2 Ensure that an exclusionary Geographic Access Policy is considered

ACCESS CONTROL

1.2.3 Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.2.4 Ensure that A Multi-factor Authentication Policy Exists for All Users

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.2.5 Ensure Multi-factor Authentication is Required for Risky Sign-ins

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.2.6 Ensure Multi-factor Authentication is Required for Azure Management

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.4 Ensure Guest Users Are Reviewed on a Regular Basis

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.5 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled'

IDENTIFICATION AND AUTHENTICATION

1.6 Ensure That 'Number of methods required to reset' is set to '2'

IDENTIFICATION AND AUTHENTICATION

1.7 Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'

ACCESS CONTROL

1.9 Ensure that 'Notify users on password resets?' is set to 'Yes'

ACCESS CONTROL

1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'

ACCESS CONTROL

1.12 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No'

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'

CONFIGURATION MANAGEMENT

1.14 Ensure That 'Users Can Register Applications' Is Set to 'No'

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION, RISK ASSESSMENT

1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'

IDENTIFICATION AND AUTHENTICATION

1.23 Ensure That No Custom Subscription Owner Roles Are Created

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.1 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'

RISK ASSESSMENT

2.3.1 Ensure That 'All users with the following roles' is set to 'Owner'

INCIDENT RESPONSE

2.3.2 Ensure 'Additional email addresses' is Configured with a Security Contact Email

INCIDENT RESPONSE

2.3.3 Ensure That 'Notify about alerts with the following severity' is Set to 'High'

SYSTEM AND INFORMATION INTEGRITY

2.5 Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.6 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY

3.1 Ensure that 'Secure transfer required' is set to 'Enabled'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY

3.4 Ensure that Storage Account Access Keys are Periodically Regenerated

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE

3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour

ACCESS CONTROL

3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Ensure Private Endpoints are used to access Storage Accounts

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11 Ensure Soft Delete is Enabled for Azure Containers and Blob Storage

CONTINGENCY PLANNING

3.15 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1 Ensure that 'Auditing' is set to 'On'

AUDIT AND ACCOUNTABILITY

4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)

ACCESS CONTROL, MEDIA PROTECTION

4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers

ACCESS CONTROL

4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days'

AUDIT AND ACCOUNTABILITY

4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server

RISK ASSESSMENT

4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY

4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY

4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY

4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY

4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server

AUDIT AND ACCOUNTABILITY