Benchmark: 0805.01m1Organizational.12-01.m 01.04 Network Access Control
Description
The organization's security gateways (e.g. firewalls) enforce security policies and are configured to filter traffic between domains, block unauthorized access, and are used to maintain segregation between internal wired, internal wireless, and external network segments (e.g., the Internet) including DMZs and enforce access control policies for each of the domains.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 0805.01m1Organizational.12-01.m 01.04 Network Access Control.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.hipaa_hitrust_v92_0805_01m1organizational
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.hipaa_hitrust_v92_0805_01m1organizational --share
Controls
- App Service apps should use a virtual network service endpoint
- Virtual machines should be connected to an approved virtual network
- Internet-facing virtual machines should be protected with network security groups
- Container Registry should use a virtual network service endpoint
- Cosmos DB should use a virtual network service endpoint
- Event Hub should use a virtual network service endpoint
- Key Vault should use a virtual network service endpoint
- Gateway subnets should not be configured with a network security group
- Subnets should be associated with a Network Security Group
- SQL Server should use a virtual network service endpoint
- Storage Accounts should use a virtual network service endpoint