Control: 3.12 Ensure the 'Minimum TLS version' is set to 'Version 1.2'
Description
TLS 1.0 has known vulnerabilities and has been replaced by later versions of the TLS protocol. Continued use of this legacy protocol affects the security of data in transit.
Remediation
From Console
- Login to Azure Portal
- Go to
Storage Accounts - Click on each Storage Account
- Under
Settingsection, Click onConfiguration - Set the
minimum TLS versionto be Version1.2
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v140_3_12Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v140_3_12 --shareSQL
This control uses a named query:
select sa.id as resource, case when minimum_tls_version = 'TLSEnforcementDisabled' then 'alarm' when minimum_tls_version = 'TLS1_2' then 'ok' else 'alarm' end as status, case when minimum_tls_version = 'TLSEnforcementDisabled' then sa.name || ' TLS enforcement is disabled.' when minimum_tls_version = 'TLS1_2' then sa.name || ' minimum TLS version set to ' || minimum_tls_version || '.' else sa.name || ' minimum TLS version set to ' || minimum_tls_version || '.' end as reason , sa.resource_group as resource_group , sub.display_name as subscriptionfrom azure_storage_account sa left join azure_subscription sub on sub.subscription_id = sa.subscription_id;