Benchmark: Configuration Settings (CM-6)
Description
The organization: (i) establishes mandatory configuration settings for information technology products employed within the information system; (ii) configures the security settings of information technology products to the most restrictive mode consistent with operational requirements; (iii) documents the configuration settings; and (iv) enforces the configuration settings in all components of the information system.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Configuration Settings (CM-6).
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.fedramp_high_cm_6
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.fedramp_high_cm_6 --share
Controls
- App Service apps should have Client Certificates (Incoming client certificates) enabled
- App Service apps should not have CORS configured to allow every resource to access your apps
- App Service apps should have remote debugging turned off
- Function apps should have 'Client Certificates (Incoming client certificates)' enabled
- Function apps should not have CORS configured to allow every resource to access your apps
- Function apps should have remote debugging turned off
- Linux machines should meet requirements for the Azure compute security baseline
- Windows machines should meet requirements of the Azure compute security baseline
- Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters