azure_compliance

Azure Compliance

Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data but might present security risks. To prevent data breaches caused by undesired anonymous access, Microsoft recommends preventing public access to a storage account unless your scenario requires it.

storage_account_block_public_access

nist_sp_800_171_rev_2_3_1_3

3.1.3 Control the flow of CUI in accordance with approved authorizations

nist_sp_800_171_rev_2_3_13_1

3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems

nist_sp_800_171_rev_2_3_13_2

3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems

nist_sp_800_171_rev_2_3_13_5

3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks

nist_sp_800_171_rev_2_3_13_6

3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception)

nist_sp_800_53_rev_5_sc_7_3

Access Points SC-7(3)

fedramp_high_sc_7

Boundary Protection (SC-7)

nist_sp_800_53_rev_5_sc_7

nist_sp_800_53_rev_5_ac_4

Information Flow Enforcement (AC-4)

fedramp_high_ac_4

fedramp_high_sc_7_3

SC-7(3) Access Points

all_controls_storage

Storage

Storage account public access should be disallowed

azure

azuread

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, HIPAA HITRUST, NIST, PCI DSS across all your Azure subscriptions using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-azure-compliance

Control: Storage account public access should be disallowed

Description

Usage

SQL

Tags