Benchmark: 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems
Description
Cryptographic key management and establishment can be performed using manual procedures or mechanisms supported by manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, policies, directives, regulations, and standards specifying appropriate options, levels, and parameters.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_171_rev_2_3_13_10
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_171_rev_2_3_13_10 --share
Controls
- Azure Batch account should use customer-managed keys to encrypt data
- Cognitive Services accounts should enable data encryption with a customer-managed key
- OS and data disks should be encrypted with a customer-managed key
- Managed disks should be double encrypted with both platform-managed and customer-managed keys
- Container Instance container group should use customer-managed key for encryption
- Container registries should be encrypted with a customer-managed key
- Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest
- Azure data factories should be encrypted with a customer-managed key
- Event Hub namespaces should use a customer-managed key for encryption
- Azure HDInsight clusters should use customer-managed keys to encrypt data at rest
- Azure HDInsight clusters should use encryption at host to encrypt data at rest
- Azure API for FHIR should use a customer-managed key to encrypt data at rest
- HPC Cache accounts should use customer-managed key for encryption
- Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys
- Azure Data Explorer encryption at rest should use a customer-managed key
- Azure Machine Learning workspaces should be encrypted with a customer-managed key
- SQL managed instances should use customer-managed keys to encrypt data at rest
- MySQL servers should use customer-managed keys to encrypt data at rest
- PostgreSQL servers should use customer-managed keys to encrypt data at rest
- Service Bus Premium namespaces should use a customer-managed key for encryption
- SQL servers should use customer-managed keys to encrypt data at rest
- Storage accounts should use customer-managed key for encryption
- Storage account encryption scopes should use customer-managed keys to encrypt data at rest
- Azure Synapse workspaces should use customer-managed keys to encrypt data at rest
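Every control above reduces to the same question: is the resource's encryption key source a Key Vault key the organization controls, or a platform-managed key? The mod answers it with SQL queries against Steampipe's Azure tables; the following is an added illustration of that decision logic for the storage account control, written here as a stand-alone Python script and not taken from the mod. It assumes the record shape of an Azure Resource Manager StorageAccount (properties.encryption.keySource of Microsoft.Storage or Microsoft.Keyvault, and keyvaultproperties with keyname, keyvaulturi and keyversion for customer-managed keys); the sample accounts and vault URI are constructed, not real.

```python
"""Added example (not part of steampipe-mod-azure-compliance): the decision
logic behind a 'storage accounts should use customer-managed key' control,
applied to ARM-shaped storage account records.

Assumptions: properties.encryption.keySource is 'Microsoft.Storage'
(platform-managed) or 'Microsoft.Keyvault' (customer-managed), and a
customer-managed key carries properties.encryption.keyvaultproperties with
keyname / keyvaulturi / optional keyversion. Sample records are constructed."""

from typing import Any

CMK_SOURCE = "Microsoft.Keyvault"
PMK_SOURCE = "Microsoft.Storage"


def evaluate_storage_account_cmk(account: dict[str, Any]) -> dict[str, str]:
    """Return a control result {resource, status, reason} for one account.

    status is 'ok' only when the key source is Key Vault AND the key
    reference (key name and vault URI) is present; a Key Vault key source
    with an empty key reference is reported as 'alarm' rather than trusted.
    """
    name = account.get("name", "<unnamed>")
    encryption = (account.get("properties") or {}).get("encryption") or {}
    # A missing keySource means the default: platform-managed keys.
    key_source = encryption.get("keySource", PMK_SOURCE)

    if key_source != CMK_SOURCE:
        return {"resource": name, "status": "alarm",
                "reason": f"{name} is encrypted with platform-managed keys ({key_source})."}

    kv = encryption.get("keyvaultproperties") or {}
    key_name = kv.get("keyname")
    vault_uri = kv.get("keyvaulturi")
    if not key_name or not vault_uri:
        return {"resource": name, "status": "alarm",
                "reason": f"{name} declares a Key Vault key source but has no key name or vault URI."}

    # No pinned version means the account follows the latest key version (auto-rotation).
    version = kv.get("keyversion") or "auto-rotated, no pinned version"
    return {"resource": name, "status": "ok",
            "reason": f"{name} uses customer-managed key {key_name} ({version}) from {vault_uri}."}


def run_control(accounts: list[dict[str, Any]]) -> dict[str, int]:
    """Evaluate every account and return a per-status count, like a benchmark summary."""
    summary = {"ok": 0, "alarm": 0}
    for account in accounts:
        result = evaluate_storage_account_cmk(account)
        summary[result["status"]] += 1
        print(f"{result['status'].upper():5} {result['reason']}")
    return summary


# Constructed sample inventory: hypothetical account names and vault URI.
SAMPLE_ACCOUNTS = [
    {"name": "stlogsprod",
     "properties": {"encryption": {"keySource": "Microsoft.Storage"}}},
    {"name": "stfinanceprod",
     "properties": {"encryption": {
         "keySource": "Microsoft.Keyvault",
         "keyvaultproperties": {"keyname": "storage-cmk",
                                "keyvaulturi": "https://kv-finance.vault.azure.net/"}}}},
    {"name": "stbroken",
     "properties": {"encryption": {"keySource": "Microsoft.Keyvault",
                                   "keyvaultproperties": {}}}},
]

if __name__ == "__main__":
    run_control(SAMPLE_ACCOUNTS)
```

The third sample is the case worth keeping in a real control: a key source flag alone does not prove a usable customer-managed key, so the check insists on the key reference as well. Equivalent logic for the other controls in the list differs only in the property path each service uses to expose its key source.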