Benchmark: 3.11.3 Remediate vulnerabilities in accordance with risk assessments
Description
Vulnerabilities discovered, for example, via the scanning conducted in response to 3.11.2, are remediated with consideration of the related assessment of risk. The consideration of risk influences the prioritization of remediation efforts and the level of effort to be expended in the remediation for specific vulnerabilities.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 3.11.3 Remediate vulnerabilities in accordance with risk assessments.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_171_rev_2_3_11_3
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_171_rev_2_3_11_3 --share
Controls
- A vulnerability assessment solution should be enabled on your virtual machines
- Vulnerability assessment should be enabled on SQL Managed Instance
- Azure Defender for App Service should be enabled
- Microsoft Defender for Containers should be enabled
- Azure Defender for Key Vault should be enabled
- Azure Defender for Resource Manager should be enabled
- Azure Defender for servers should be enabled
- Azure Defender for Azure SQL Database servers should be enabled
- Azure Defender for SQL should be enabled for unprotected SQL Managed Instances
- Microsoft Defender for Storage (Classic) should be enabled
- SQL databases should have vulnerability findings resolved
- Vulnerability assessment should be enabled on your SQL servers
- Azure Defender for SQL should be enabled for unprotected Azure SQL servers
- Vulnerability assessment should be enabled on your Synapse workspaces