Skip to main content

💼 4 Database Services

Contextual name: 💼 4 Database Services
ID: /frameworks/cis-azure-v1.1.0/04
Located in: 💼 CIS Azure v1.1.0

Description

This section covers security recommendations to follow to set general database services policies on an Azure Subscription. Subsections will address specific database types.

Similar

Internal
- ID: dec-b-f24d8b34

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 4.1 Ensure that 'Auditing' is set to 'On'		1	1
💼 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly
💼 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days'		1	1
💼 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On'
💼 4.5 Ensure that 'Threat Detection types' is set to 'All'
💼 4.6 Ensure that 'Send alerts to' is set
💼 4.7 Ensure that 'Email service and co-administrators' is 'Enabled'
💼 4.8 Ensure that Azure Active Directory Admin is configured		1	1
💼 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database
💼 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key)		1	1
💼 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server		1	1
💼 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server		1	1
💼 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server		1	1
💼 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server		1	1
💼 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server		1	1
💼 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server
💼 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server		1	1
💼 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
💼 4.19 Ensure that Azure Active Directory Admin is configured

Description
Similar
Sub Sections