Skip to main content

๐Ÿ’ผ 2 Security Center

  • Contextual name: ๐Ÿ’ผ 2 Security Center
  • ID: /frameworks/cis-azure-v1.1.0/02
  • Located in: ๐Ÿ’ผ CIS Azure v1.1.0

Descriptionโ€‹

This section covers security recommendations to follow when setting various security policies on an Azure Subscription. A security policy defines the set of controls, which are recommended for resources within the specified Azure subscription. Please note that the majority of the recommendations mentioned in this section only produce an alert if a security violation is found. They do not actually enforce security settings by themselves. Alerts should be acted upon and remedied wherever possible.

Similarโ€‹

  • Internal
    • ID: dec-b-17827a98

Sub Sectionsโ€‹

SectionSub SectionsInternal RulesPoliciesFlags
๐Ÿ’ผ 2.1 Ensure that standard pricing tier is selected
๐Ÿ’ผ 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On'
๐Ÿ’ผ 2.3 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled"
๐Ÿ’ผ 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled"
๐Ÿ’ผ 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled"
๐Ÿ’ผ 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled"
๐Ÿ’ผ 2.7 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled"
๐Ÿ’ผ 2.8 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled"
๐Ÿ’ผ 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled"
๐Ÿ’ผ 2.10 Ensure ASC Default policy setting "Monitor Vulnerability Assessment" is not "Disabled"
๐Ÿ’ผ 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled"
๐Ÿ’ผ 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled"
๐Ÿ’ผ 2.13 Ensure ASC Default policy setting "Monitor Adaptive Application Whitelisting" is not "Disabled"
๐Ÿ’ผ 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled"
๐Ÿ’ผ 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled"
๐Ÿ’ผ 2.16 Ensure that 'Security contact emails' is set11
๐Ÿ’ผ 2.17 Ensure that security contact 'Phone number' is set
๐Ÿ’ผ 2.18 Ensure that 'Send email notification for high severity alerts' is set to 'On'
๐Ÿ’ผ 2.19 Ensure that 'Send email also to subscription owners' is set to 'On'11