azure_compliance

Azure Compliance

Audit built-in roles such as 'Owner, Contributor, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling.

iam_no_custom_role

hipaa_hitrust_v92_1148_01c2system

1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems

hipaa_hitrust_v92_1230_09c2organizational

1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures

nist_sp_800_171_rev_2_3_1_1

3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems)

nist_sp_800_171_rev_2_3_1_2

3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute

nist_sp_800_171_rev_2_3_1_5

3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts

fedramp_high_ac_2_7

AC-2(7) Role-Based Schemes

fedramp_high_ac_6_7

AC-6(7) Review Of User Privileges

fedramp_high_ac_2

Account Management (AC-2)

nist_sp_800_53_rev_5_ac_2

all_controls_activedirectory

Active Directory

rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_a

Identification and Classification of Information Assets-3.1.a

fedramp_high_ac_6

Least Privilege (AC-6)

nist_sp_800_53_rev_5_ac_6

rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_f

Maker-checker-3.1.f

pci_dss_v321_requirement_3_2

PCI DSS requirement 3.2

pci_dss_v321_requirement_7_2_1

PCI DSS requirement 7.2.1

pci_dss_v321_requirement_8_3_1

PCI DSS requirement 8.3.1

nist_sp_800_53_rev_5_ac_2_7

Privileged User Accounts AC-2(7)

nist_sp_800_53_rev_5_ac_6_7

Review of User Privileges AC-6(7)

Audit usage of custom RBAC roles

azure

azuread

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, HIPAA HITRUST, NIST, PCI DSS across all your Azure subscriptions using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-azure-compliance

Control: Audit usage of custom RBAC roles

Description

Usage

SQL

Tags