Ensure that the attribute 'vulnerable_tls_cipher_suite' in Defender for IoT is not set to false

MEDIUM

Description

An insecure TLS configuration can compromise the confidentiality of data in transit. Organizations should use the latest version of TLS and modern cipher suites to protect data from man-in-the-middle and similar attacks.

Remediation

In Azure Console -

  1. Go to Azure IoT Hub.
  2. Choose an IoT Hub to edit.
  3. In Defender for IoT, choose Settings.
  4. Click Recommendation Configuration and choose the Vulnerable TLS cipher suite recommendation.
  5. Click Enable.

In Terraform -

  1. In the azurerm_iot_security_solution resource, set recommendations_enabled.vulnerable_tls_cipher_suite to true.
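
A pre-deployment check for this rule, added here as an example and not the policy engine's own implementation: it walks the JSON produced by `terraform show -json <planfile>` and reports every azurerm_iot_security_solution whose recommendation is explicitly false. It assumes the recommendations_enabled block is encoded as a list of objects in the plan JSON; the sample plan and resource addresses are constructed.

```python
import json

RESOURCE_TYPE = "azurerm_iot_security_solution"
FLAG = "vulnerable_tls_cipher_suite"

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "azurerm_iot_security_solution.bad",
       "type": "azurerm_iot_security_solution",
       "values": {"recommendations_enabled": [{"vulnerable_tls_cipher_suite": false}]}},
      {"address": "azurerm_iot_security_solution.defaulted",
       "type": "azurerm_iot_security_solution",
       "values": {"recommendations_enabled": []}}
    ],
    "child_modules": [{"address": "module.iot", "resources": [
      {"address": "module.iot.azurerm_iot_security_solution.ok",
       "type": "azurerm_iot_security_solution",
       "values": {"recommendations_enabled": [{"vulnerable_tls_cipher_suite": true}]}}
    ]}]
  }}
}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_violations(plan):
    """Return addresses of solutions whose recommendation is explicitly false."""
    root = plan.get("planned_values", {}).get("root_module", {})
    violations = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        blocks = (res.get("values") or {}).get("recommendations_enabled") or []
        # Only an explicit false fails, matching the rule's "not set to false".
        if any(block.get(FLAG) is False for block in blocks):
            violations.append(res["address"])
    return violations


if __name__ == "__main__":
    for address in find_violations(SAMPLE_PLAN):
        print(f"AC_AZURE_0105 FAIL: {address}")
```
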

References:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iot_security_solution#vulnerable_tls_cipher_suite

Policy Details

Rule Reference ID: AC_AZURE_0105
CSP: Azure
Remediation Available: Yes
Resource Category: Management
Resource Type: IoT Hub

Frameworks