💼 8.3.7 Ensure Public Network Access is Disabled (Automated)
- ID:
/frameworks/cis-azure-v6.0.0/08/03/07
Stats
not available
Description
Disable public network access to prevent exposure to the internet and reduce the risk of unauthorized access. Use private endpoints to securely manage access within trusted networks.
When a private endpoint is configured on a key vault, connections from Azure resources within the same subnet will use its private IP address. However, network traffic from the public internet can still connect to the key vault's public endpoint (mykeyvault.vault.azure.net) using its public IP address unless public network access is disabled.
Disabling public network access removes the vault's public endpoint from Azure public DNS, reducing its exposure to the public internet. With a private endpoint configured, network traffic will use the vault's private endpoint IP address for all requests (mykeyvault.vault.privatelink.azure.net).
Similar
- Sections
/frameworks/cis-azure-v5.0.0/08/03/07
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS Azure v5.0.0 → 💼 8.3.7 Ensure Public Network Access is Disabled (Automated) | 1 | no data |
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS Azure v5.0.0 → 💼 8.3.7 Ensure Public Network Access is Disabled (Automated) | 1 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ Azure Key Vault Public Network Access is enabled🟢 | 1 | 🟢 x6 | no data |