
💼 10 Storage Services

  • Contextual name: 💼 10 Storage Services
  • ID: /frameworks/cis-azure-v4.0.0/10
  • Located in: 💼 CIS Azure v4.0.0

Description

Empty...

Similar

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 10.1 Azure Files 3
    💼 10.1.1 Ensure soft delete for Azure File Shares is Enabled (Automated) 1
    💼 10.1.2 Ensure 'SMB protocol version' is set to 'SMB 3.1.1' or higher for SMB file shares (Automated) 1
    💼 10.1.3 Ensure 'SMB channel encryption' is set to 'AES-256-GCM' or higher for SMB file shares (Automated) 1
💼 10.2 Azure Blob Storage 2
    💼 10.2.1 Ensure that soft delete for blobs on Azure Blob Storage storage accounts is Enabled (Automated) 1
    💼 10.2.2 Ensure 'Versioning' is set to 'Enabled' on Azure Blob Storage storage accounts (Automated) 1
💼 10.3 Storage Accounts 12
    💼 10.3.1 Secrets and Keys 3
        💼 10.3.1.1 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account (Manual) 1
        💼 10.3.1.2 Ensure that Storage Account access keys are periodically regenerated (Manual) 1
        💼 10.3.1.3 Ensure 'Allow storage account key access' for Azure Storage Accounts is 'Disabled' (Automated) 1
    💼 10.3.2 Networking 3
        💼 10.3.2.1 Ensure Private Endpoints are used to access Storage Accounts (Automated) 1
        💼 10.3.2.2 Ensure that 'Public Network Access' is 'Disabled' for storage accounts (Automated) 1
        💼 10.3.2.3 Ensure default network access rule for storage accounts is set to deny (Automated) 1
    💼 10.3.3 Identity and Access Management 1
        💼 10.3.3.1 Ensure that 'Default to Microsoft Entra authorization in the Azure portal' is set to 'Enabled' (Automated) 1
    💼 10.3.4 Ensure that 'Secure transfer required' is set to 'Enabled' (Automated) 1
    💼 10.3.5 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access (Automated) 1
    💼 10.3.6 Ensure Soft Delete is Enabled for Azure Containers and Blob Storage (Automated) 1
    💼 10.3.7 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2' (Automated) 1
    💼 10.3.8 Ensure 'Cross Tenant Replication' is not enabled (Automated) 1
    💼 10.3.9 Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled' (Automated) 1
    💼 10.3.10 Ensure Azure Resource Manager Delete locks are applied to Azure Storage Accounts (Manual) 1
    💼 10.3.11 Ensure Azure Resource Manager ReadOnly locks are considered for Azure Storage Accounts (Manual) 1
    💼 10.3.12 Ensure Redundancy is set to 'geo-redundant storage (GRS)' on critical Azure Storage Accounts (Automated) 1