Benchmark: 3.1.14 Route remote access via managed access control points
Description
Routing remote access through managed access control points enhances explicit, organizational control over such connections, reducing the susceptibility to unauthorized access to organizational systems resulting in the unauthorized disclosure of CUI.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 3.1.14 Route remote access via managed access control points.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_171_rev_2_3_1_14
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_171_rev_2_3_1_14 --share
Controls
- App Configuration should use private link
- Cognitive Services should use private link
- Disk access resources should use private link
- Container registries should use private link
- CosmosDB accounts should use private link
- Azure Data Factory should use private link
- Azure Event Grid domains should use private link
- Azure Event Grid topics should use private link
- Event Hub namespaces should use private link
- Azure API for FHIR should use private link
- IoT Hub device provisioning service instances should use private link
- Azure Key Vaults should use private link
- Private endpoint should be enabled for MariaDB servers
- Private endpoint should be enabled for MySQL servers
- Private endpoint should be enabled for PostgreSQL servers
- Azure Cache for Redis should use private link
- Azure Cognitive Search services should use private link
- Azure Cognitive Search service should use a SKU that supports private link
- Azure Service Bus namespaces should use private link
- Azure SignalR Service should use private link
- Azure Spring Cloud should use network injection
- Private endpoint connections on Azure SQL Database should be enabled
- Storage accounts should restrict network access
- Storage accounts should use private link
- Azure File Sync should use private link
- Azure Synapse workspaces should use private link