💼 3 Storage Accounts

  • Contextual name: 💼 3 Storage Accounts
  • ID: /frameworks/cis-azure-v2.0.0/03
  • Located in: 💼 CIS Azure v2.0.0

Description

This section covers security recommendations to follow to set storage account policies on an Azure Subscription. An Azure storage account provides a unique namespace to store and access Azure Storage data objects.

Similar

  • Internal
    • ID: dec-b-fb64086e

Sub Sections

| Section | Sub Sections | Internal Rules | Policies | Flags |
| --- | --- | --- | --- | --- |
| 💼 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' - Level 1 (Automated) | | 1 | 1 | |
| 💼 3.2 Ensure that ‘Enable Infrastructure Encryption’ for Each Storage Account in Azure Storage is Set to ‘enabled’ - Level 2 (Automated) | | 1 | 1 | |
| 💼 3.3 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account - Level 1 (Manual) | | | | |
| 💼 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated - Level 1 (Manual) | | | | |
| 💼 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests - Level 2 (Automated) | | 1 | 1 | |
| 💼 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour - Level 1 (Manual) | | | | |
| 💼 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers - Level 1 (Automated) | | | | |
| 💼 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny - Level 1 (Automated) | | | | |
| 💼 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access - Level 2 (Automated) | | 1 | 1 | |
| 💼 3.10 Ensure Private Endpoints are used to access Storage Accounts - Level 1 (Automated) | | | | |
| 💼 3.11 Ensure Soft Delete is Enabled for Azure Containers and Blob Storage - Level 1 (Automated) | | 1 | 1 | |
| 💼 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys - Level 2 (Manual) | | | | |
| 💼 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests - Level 2 (Automated) | | 1 | 1 | |
| 💼 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests - Level 2 (Automated) | | | | |
| 💼 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" - Level 1 (Automated) | | 1 | 1 | |