Ensure that minimum TLS version is set to 1.2 for Azure MSSQL Server

MEDIUM

Description

Organizations should try to utilize the latest version of TLS and modern ciphers to protect data from man-in-the-middle and similar attacks.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to SQL servers.
  2. Choose the SQL server you wish to edit.
  3. Select Networking.
  4. Under Connectivity, set Minimum TLS version to 1.2.
  5. Select Save.

In Terraform -

  1. In the azurerm_mssql_server resource, set minimum_tls_version to 1.2.
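
One way to check this setting before deployment, as an added example (not code from the original page or from the scanner behind rule AC_AZURE_0134): a Python check over the JSON form of a Terraform plan, as produced by `terraform show -json`. The embedded plan and its resource names are constructed, and treating an unset or non-numeric value as a finding is an assumption of this example.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output; names are made up.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_mssql_server.legacy", "type": "azurerm_mssql_server",
     "values": {"name": "sql-legacy", "minimum_tls_version": "1.0"}},
    {"address": "azurerm_mssql_server.unset", "type": "azurerm_mssql_server",
     "values": {"name": "sql-unset", "minimum_tls_version": null}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.db.azurerm_mssql_server.main", "type": "azurerm_mssql_server",
     "values": {"name": "sql-main", "minimum_tls_version": "1.2"}}
  ]}]
}}}
""")

REQUIRED = (1, 2)  # minimum acceptable (major, minor) TLS version

def iter_resources(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def parse_version(value):
    """Return (major, minor) for strings like "1.2", else None."""
    try:
        major, minor = str(value).split(".")
        return int(major), int(minor)
    except ValueError:
        return None

def find_weak_tls(plan):
    """Return [(address, configured_value)] for SQL servers below TLS 1.2."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "azurerm_mssql_server":
            continue
        value = res.get("values", {}).get("minimum_tls_version")
        version = parse_version(value)
        # Assumption: unset or non-numeric values count as findings.
        if version is None or version < REQUIRED:
            findings.append((res["address"], value))
    return findings

if __name__ == "__main__":
    for address, value in find_weak_tls(SAMPLE_PLAN):
        print(f"FAIL {address}: minimum_tls_version={value!r} (expected 1.2)")
```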

References:
https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql&tabs=azure-portal#minimal-tls-version
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server#minimum_tls_version

Policy Details

Rule Reference ID: AC_AZURE_0134
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: SQL Server

Frameworks