Control: 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled'
Description
None of the settings offered by ASC Default policy should be set to effect Disabled. A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is set of security recommendations based on best practices.
Enabling recommendations in ASC default policy ensures that Azure security center provides ability to monitor all of the supported recommendations and allow automated action optionally for few of the supported recommendations.
Remediation
From Console
Perform the following action to check ASC Default policy is set to enabled:
- Navigate to
Azure Policy - On Policy "Overview" blade, Click on Policy
ASC Default(<Subscription:Subscription_ID>) - On "ASC Default" blade, Click on
Edit Assignments - In section
PARAMETERS, configure the impacted setting to any other available value thanDisabledor empty - Click
Save
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v140_2_12Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v140_2_12 --shareSQL
This control uses a named query:
with policy_assignment_parameters as ( select id, name, key, parameters -> key ->> 'value' as value, subscription_id from azure_policy_assignment, jsonb_object_keys(parameters) as key where name = 'SecurityCenterBuiltIn')select sub.id as resource, case when count(value = 'Disabled') > 0 then 'alarm' else 'ok' end as status, case when count(value = 'Disabled') > 0 then 'Settings disabled for ' || count(*) filter (where value = 'Disabled') || ' parameters.' else 'Settings enabled for all the parameters.' end as reason , sub.display_name as subscriptionfrom policy_assignment_parameters pol_assignment right join azure_subscription sub on pol_assignment.subscription_id = sub.subscription_idgroup by sub.id, pol_assignment.id, sub._ctx, sub.subscription_id, pol_assignment.subscription_id, sub.display_name;