Benchmark: Protection Of Information At Rest (SC-28)
Description
The information system protects the [Selection (one or more): confidentiality; integrity] of [Assignment: organization-defined information at rest].
Usage
Install the mod:
    mkdir dashboards
    cd dashboards
    powerpipe mod init
    powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
    steampipe service start
    powerpipe server
Open http://localhost:9033 in your browser and select Protection Of Information At Rest (SC-28).
Run this benchmark in your terminal:
    powerpipe benchmark run azure_compliance.benchmark.fedramp_high_sc_28
Snapshot and share results via Turbot Pipes:
    powerpipe benchmark run azure_compliance.benchmark.fedramp_high_sc_28 --share
Benchmarks
Controls
- App Service Environment should enable internal encryption
- Automation account variables should be encrypted
- Virtual machines and virtual machine scale sets should have encryption at host enabled
- Azure Stack Edge devices should use double-encryption
- Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host
- Disk encryption should be enabled on Azure Data Explorer
- Double encryption should be enabled on Azure Data Explorer
- Infrastructure encryption should be enabled for Azure Database for MySQL servers
- Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers
- Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign
- Transparent Data Encryption on SQL databases should be enabled
- Storage accounts should have infrastructure encryption