Ensure the "Minimum TLS version" is set to "Version 1.2"

MEDIUM

Description

Description:

In some cases, Azure Storage sets the minimum TLS version to be version 1.0 by default. TLS 1.0 is a legacy version and has known vulnerabilities. This minimum TLS version can be configured to be later protocols such as TLS 1.2.

Rationale:

TLS 1.0 has known vulnerabilities and has been replaced by later versions of the TLS protocol. Continued use of this legacy protocol affects the security of data in transit.

When set to TLS 1.2 all requests must leverage this version of the protocol. Applications leveraging legacy versions of the protocol will fail.

Remediation

From Azure Console

Login to Azure Portal using https://portal.azure.com
Go to 'Storage Accounts'
Click on each Storage Account
Under 'Setting' section, Click on 'Configuration'
Set the 'minimum TLS version' to be Version 1.2

From Azure CLI

az storage account update
--name
--resource-group
--min-tls-version TLS1_2

From Azure PowerShell

To set the minimum TLS version, run the following command:

Set-AzStorageAccount -AccountName '
-ResourceGroupName '
-MinimumTlsVersion TLS1_2

Policy Details

Rule Reference ID: AC_AZURE_0212

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_storage_account

Resource Category: Storage

Resource Type: Storage Accounts

Frameworks

CIS Azure Foundations v1.4.0 Level 1
CIS Azure Foundations v1.5.0 Level 1
CIS Azure Foundations v2.0.0 Level 1
CSCv8
NIST-800-53
NIST-800-171
NIST-CSF
GDPR
HIPAA
ISO-27001
CSCv7

Detections

Analytics