Benchmark: ID.AM-03
Description
Representations of the organization's authorized network communication and internal and external network data flows are maintained.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select ID.AM-03.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.nist_csf_v2_id_am_03
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.nist_csf_v2_id_am_03 --share
Controls
- Web Application Firewall (WAF) should be enabled for Application Gateway
- Resource logs in Key Vault should be enabled
- Deploy Diagnostic Settings for Network Security Groups
- Subnets should be associated with a Network Security Group
- Network Watcher should be enabled
- Flow logs should be configured for every network security group
- All flow log resources should be in enabled state
- Network Watcher flow logs should have traffic analytics enabled