💼 3 Storage Accounts

  • Contextual name: 💼 3 Storage Accounts
  • ID: /frameworks/cis-azure-v1.3.0/03
  • Located in: 💼 CIS Azure v1.3.0

Description

This section covers security recommendations to follow to set storage account policies on an Azure Subscription. An Azure storage account provides a unique namespace to store and access Azure Storage data objects.

Similar

  • Internal
    • ID: dec-b-6094cbe9

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' - Level 1 (Automated)11
💼 3.2 Ensure that storage account access keys are periodically regenerated - Level 1 (Manual)
💼 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests - Level 2 (Manual)11
💼 3.4 Ensure that shared access signature tokens expire within an hour - Level 1 (Manual _ Not supported, no API/CLI available by Azure)
💼 3.5 Ensure that 'Public access level' is set to Private for blob containers - Level 1 (Automated)
💼 3.6 Ensure default network access rule for Storage Accounts is set to deny - Level 2 (Automated)
💼 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access - Level 2 (Manual)11
💼 3.8 Ensure soft delete is enabled for Azure Storage - Level 1 (Automated)11
💼 3.9 Ensure storage for critical data are encrypted with Customer Managed Key - Level 2 (Automated)11
💼 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests - Level 2 (Manual)11
💼 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests - Level 2 (Manual)