2.2.2.1 Ensure Private Endpoints are used to access {service}

Information

Private endpoints let clients and services in a virtual network reach an Azure PaaS resource over Azure Private Link rather than over the public internet. A private endpoint is a network interface placed in a subnet of your VNet: it takes a private IP address from the VNet's address space and is mapped to the target resource (or to one sub-resource of it, such as a storage account's blob service), so the service becomes addressable as if it sat inside your own network. Traffic between the VNet and the service stays on the Microsoft backbone network. Because the endpoint is an ordinary VNet address, it is also reachable from peered VNets and, through VPN or ExpressRoute gateways, from on-premises networks, so the same private path can be extended to remote infrastructure. The result is that traffic to the service is segmented from the public network and outside sources cannot reach the resource through it.

Keeping this traffic off the public internet, in combination with the service's own transport encryption (TLS), protects the data from interception and reading.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
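One way to perform the check by hand is to read the JSON that `az <service> show` or `az <service> list` returns and confirm that the resource has at least one private endpoint connection the service has approved. The script below is an added example, not part of the CIS benchmark or the Nessus plugin. It assumes the resource document carries the ARM `privateEndpointConnections` list (with `privateLinkServiceConnectionState.status`) and, for services that have it, a `publicNetworkAccess` property; the three sample resources are constructed, not captured from a tenant.

```python
"""Manual audit for 'Ensure Private Endpoints are used to access {service}'.

Added example; not the benchmark's or the Nessus plugin's own code.
Assumptions (labelled): input is `az <service> show` (object) or
`az <service> list` (array) JSON carrying the ARM `privateEndpointConnections`
list and, optionally, `publicNetworkAccess` ("Enabled"/"Disabled").
The sample documents below are constructed.
"""
import json
from dataclasses import dataclass, field

# Constructed fake subscription/resource-group prefix for the sample IDs.
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"

# Constructed sample: three resources trimmed to the fields the check reads.
SAMPLE_AZ_LIST_OUTPUT = json.dumps([
    {   # approved private endpoint and public path closed
        "name": "stprivateok",
        "publicNetworkAccess": "Disabled",
        "privateEndpointConnections": [{
            "privateEndpoint": {
                "id": _SUB + "/providers/Microsoft.Network/privateEndpoints/pe-stprivateok"},
            "privateLinkServiceConnectionState": {"status": "Approved"},
        }],
    },
    {   # endpoint requested but never approved: it carries no traffic yet
        "name": "stpending",
        "publicNetworkAccess": "Disabled",
        "privateEndpointConnections": [{
            "privateEndpoint": {
                "id": _SUB + "/providers/Microsoft.Network/privateEndpoints/pe-stpending"},
            "privateLinkServiceConnectionState": {"status": "Pending"},
        }],
    },
    {   # no private endpoint at all, public path wide open
        "name": "stpublic",
        "publicNetworkAccess": "Enabled",
        "privateEndpointConnections": [],
    },
])


@dataclass
class Finding:
    resource: str
    compliant: bool
    failures: list = field(default_factory=list)   # conditions that fail the control
    warnings: list = field(default_factory=list)   # conditions that weaken it


def approved_private_endpoints(resource: dict) -> list:
    """Return IDs of private endpoints whose connection the service has Approved.

    Pending or Rejected connections do not pass traffic, so only Approved counts.
    """
    approved = []
    for conn in resource.get("privateEndpointConnections") or []:
        state = conn.get("privateLinkServiceConnectionState") or {}
        if state.get("status") == "Approved":
            approved.append((conn.get("privateEndpoint") or {}).get("id", "<unknown>"))
    return approved


def assess(resource: dict) -> Finding:
    """Apply the control to one resource document."""
    failures, warnings = [], []
    if not approved_private_endpoints(resource):
        failures.append("no Approved private endpoint connection")
    # Public access is not this control's pass/fail criterion, but an open
    # public path lets clients bypass the private endpoint, so surface it.
    pna = resource.get("publicNetworkAccess")
    if isinstance(pna, str) and pna.lower() != "disabled":
        warnings.append(f"publicNetworkAccess is {pna}; private endpoint can be bypassed")
    return Finding(resource.get("name", "<unnamed>"), not failures, failures, warnings)


def audit(az_json: str) -> list:
    """Run assess() over `az ... show` (object) or `az ... list` (array) output."""
    data = json.loads(az_json)
    resources = data if isinstance(data, list) else [data]
    return [assess(r) for r in resources]


if __name__ == "__main__":
    for f in audit(SAMPLE_AZ_LIST_OUTPUT):
        status = "PASS" if f.compliant else "FAIL"
        print(f"{status} {f.resource}: {'; '.join(f.failures + f.warnings) or 'ok'}")
```

Pipe real output in with `az <service> list -o json | python3 audit_pe.py` after replacing the sample constant with `sys.stdin.read()`. The check deliberately counts only Approved connections: a Pending request looks like a private endpoint in the portal but routes nothing until the resource owner approves it.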

Solution

Impact:

If the Azure Virtual Network path is not implemented correctly (for example, the service's FQDN does not resolve to the private endpoint's address because the privatelink DNS zone is missing, or a client has no route into the VNet), clients lose connectivity to the service once public access is turned off. This may result in the loss of critical network traffic.

Private endpoints are charged per endpoint per hour, with additional charges for data processed. Refer to

https://azure.microsoft.com/en-us/pricing/details/private-link/

and

https://azure.microsoft.com/en-us/pricing/calculator/

to estimate potential costs.

See Also

https://workbench.cisecurity.org/benchmarks/19304

Item Details

Category: CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7, CSCv7|14.1

Plugin: microsoft_azure

Control ID: b9a94bb37f1659ac7f9832861a1c9c5b14c007e7e5b3a608600f9c4fae478a7c