Benchmark: CIS v4.0.0
CIS Microsoft Azure Foundations Benchmark v4.0.0
Overview
The CIS Microsoft Azure Foundations Benchmark v4.0.0 provides prescriptive guidance for establishing a secure baseline configuration for Microsoft Azure. This benchmark covers foundational elements of the Azure cloud platform.
Benchmark Categories
The benchmark is organized into the following categories:
- Identity and Access Management
- Security Center
- Storage Accounts
- Database Services
- Logging and Monitoring
- Networking
- Virtual Machines
- Key Vault
- AppService
- Other Security Considerations
Levels
Each recommendation in this benchmark has a level designation indicating the depth of the security control:
- Level 1 - Practical security configurations that can be configured with minimal complexity
- Level 2 - More restrictive and security-focused recommendations that may have higher complexity or operational overhead
Implementation Notes
- Some controls may require elevated permissions to assess or modify
- Consider business requirements and operational impact when implementing controls
- Regular review and updates of security configurations are recommended
- Use automation where possible to maintain consistent security baselines
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select CIS v4.0.0.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v400
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v400 --share
Benchmarks
- 2 Common Reference Recommendations
- 3 Analytics Services
- 4 Compute Services
- 6 Identity Services
- 7 Management and Governance Services
- 8 Networking Services
- 9 Security Services
- 10 Storage Services