azure_compliance

Azure Compliance

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your Function app. Allow only required domains to interact with your Function app.

appservice_function_app_cors_no_star

hipaa_hitrust_v92_0902_09s2organizational

0902.09s2Organizational.13-09.s 09.08 Exchange of Information

hipaa_hitrust_v92_0960_09scsporganizational

0960.09sCSPOrganizational.1-09.s 09.08 Exchange of Information

nist_sp_800_171_rev_2_3_4_1

3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles

nist_sp_800_171_rev_2_3_4_2

3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems

all_controls_appservice

App Service

fedramp_high_cm_6

Configuration Settings (CM-6)

nist_sp_800_53_rev_5_cm_6

Function apps should not have CORS configured to allow every resource to access your apps

azure

azuread

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, HIPAA HITRUST, NIST, PCI DSS across all your Azure subscriptions using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-azure-compliance

Control: Function apps should not have CORS configured to allow every resource to access your apps

Description

Usage

SQL

Tags