Benchmark: Cryptographic Protection SC-28(1)
Description
The information system implements cryptographic mechanisms to prevent unauthorized disclosure and modification of organization-defined information on organization-defined information system components.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Cryptographic Protection SC-28(1).
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_53_rev_5_sc_28_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_53_rev_5_sc_28_1 --share
Controls
- App Service Environment should enable internal encryption
- Virtual machines and virtual machine scale sets should have encryption at host enabled
- Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources
- Azure Stack Edge devices should use double-encryption
- Azure Data Box jobs should enable double encryption for data at rest on the device
- Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host
- Disk encryption should be enabled on Azure Data Explorer
- Double encryption should be enabled on Azure Data Explorer
- Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption)
- Infrastructure encryption should be enabled for Azure Database for MySQL servers
- Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers
- Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign
- Transparent Data Encryption on SQL databases should be enabled
- Storage accounts should have infrastructure encryption