💼 3 Storage Accounts

  • Contextual name: 💼 3 Storage Accounts
  • ID: /frameworks/cis-azure-v2.1.0/03
  • Located in: 💼 CIS Azure v2.1.0

Description

This section covers security recommendations to follow to set storage account policies on an Azure Subscription. An Azure storage account provides a unique namespace to store and access Azure Storage data objects.

Similar

  • Internal
    • ID: dec-b-33e4861d

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' - Level 1 (Automated) | 11
💼 3.2 Ensure that Enable Infrastructure Encryption for Each Storage Account in Azure Storage is Set to enabled - Level 2 (Automated) | 11
💼 3.3 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account - Level 1 (Manual) | 1
💼 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated - Level 1 (Manual) | 1
💼 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests - Level 2 (Automated) | 11
💼 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour - Level 1 (Manual) | 1
💼 3.7 Ensure that 'Public Network Access' is 'Disabled' for storage accounts - Level 1 (Automated) | 1
💼 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny - Level 1 (Automated) | 1
💼 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access - Level 2 (Automated) | 11
💼 3.10 Ensure Private Endpoints are used to access Storage Accounts - Level 1 (Automated) | 1
💼 3.11 Ensure Soft Delete is Enabled for Azure Containers and Blob Storage - Level 1 (Automated) | 11
💼 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys (CMK) - Level 2 (Manual) | 1
💼 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests - Level 2 (Automated) | 11
💼 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests - Level 2 (Automated) | 1
💼 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" - Level 1 (Automated) | 11
💼 3.16 Ensure 'Cross Tenant Replication' is not enabled - Level 1 (Automated) | 11
💼 3.17 Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled' - Level 1 (Automated) | 11