Ensure public access is disabled for Azure IoT Hub Device Provisioning Service (DPS)

MEDIUM

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

Go to Azure IoT Hub device provisioning service.
Choose an IoT Hub device provisioning service to edit.
In these Settings, Choose Networking.
Click on the Public Access and Choose disabled.
Click save.

In Terraform -

In the azurerm_iothub_dps resource, set public_network_access_enabled to false.

References:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iothub_dps#public_network_access_enabled

Policy Details

Rule Reference ID: AC_AZURE_0093

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_iothub_dps

Resource Category: Virtual Network

Resource Type: IoT Hub

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0

Detections

Analytics