azure_compliance

Azure Compliance

Secrets should have a defined expiration date and not be permanent. Secrets that are valid forever provide a potential attacker with more time to compromise them. It is a recommended security practice to set expiration dates on secrets.

keyvault_secret_expiration_set

nist_sp_800_171_rev_2_3_5_2

3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.

fedramp_high_ia_5

Authenticator Management (IA-5)

nist_sp_800_53_rev_5_ia_5

all_controls_keyvault

Key Vault

rbi_itf_nbfc_v2017_it_information_and_cyber_security_3_1_h

Public Key Infrastructure (PKI)-3.1.h

Key Vault secrets should have an expiration date

azure

azuread

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, HIPAA HITRUST, NIST, PCI DSS across all your Azure subscriptions using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-azure-compliance

Control: Key Vault secrets should have an expiration date

Description

Usage

SQL

Tags