Benchmark: CIS v2.0.0
To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.
Overview
The CIS Microsoft Azure Foundations Security Benchmark provides prescriptive guidance for establishing a secure baseline configuration for Microsoft Azure.
Profiles
Level 1
Items in this profile intend to:
- be practical and prudent;
- provide security focused best practice hardening of a technology; and
- limit impact to the utility of the technology beyond acceptable means.
Level 2 (extends Level 1)
This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:
- are intended for environments or use cases where security is more critical than manageability and usability
- acts as defense in depth measure
- may impact the utility or performance of the technology
- may include additional licensing, cost, or addition of third party software.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select CIS v2.0.0.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v200
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v200 --share
Benchmarks
- 1 Identity and Access Management
- 2 Microsoft Defender
- 3 Storage Accounts
- 4 Database Services
- 5 Logging and Monitoring
- 6 Networking
- 7 Virtual Machines
- 8 Key Vault
- 9 AppService
- 10 Miscellaneous