D9.AZU.IAM.09 | Ensure that Register with Entra ID is enabled on App Service | Low | Modification | | - Ensure that Register with Azure Active Directory is enabled on App Service
| - Ensure that Register with Entra ID is enabled on App Service
| - Azure CIS Foundations Benchmark v1.4.0
- Azure CIS Foundations Benchmark v1.5.0
- Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- Azure CIS Foundations Benchmark v2.0.0
- CloudGuard Azure All Rules Ruleset
- Azure CSA CCM v4
- CIS Microsoft Azure Compute Services Benchmark v1.0.0
- Azure APRA 234
- Azure MLPS 2.0 (Level 3)
- Azure CRI Profile v1.2
- Azure RMiT Malaysia
- Azure CIS Critical Security Controls v8
- Azure NIST SP 800-172
- Azure SOX (Section 404)
- Azure Secure Controls Framework (SCF) v2023.1
- Azure ISO 27002:2022
- Azure New Zealand ISM v3.6
- Azure CIS Foundations Benchmark v2.1.0
- Azure SOC 2 (AICPA TSC 2017 Controls)
- Azure HIPAA
- Azure CIS Foundations Benchmark v1.1.0
- Azure CloudGuard Best Practices
- Azure Microsoft Cloud Security Benchmark (MCSB) v1
- Azure CIS Foundations Benchmark v1.2.0
- Azure CIS Foundations Benchmark v1.3.0
- Azure ITSG-33 Canada
- Azure CIS Foundations Benchmark v1.3.1
|
D9.AZU.IAM.03 | Ensure that Microsoft Entra authentication is Configured for SQL Servers | Low | Modification | | - Ensure that Azure Active Directory Admin is Configured for SQL Servers
| - Ensure that Microsoft Entra authentication is Configured for SQL Servers
| - Azure LGPD
- Azure CIS Foundations Benchmark v1.5.0
- Azure PCI DSS v4
- Azure CIS Foundations Benchmark v2.0.0
- CloudGuard Azure All Rules Ruleset
- Azure CSA CCM v4
- Azure APRA 234
- Azure ISO 27001:2022
- Azure CIS Foundations Benchmark v1.0.0
- Azure ENS 2022 Spain
- Azure CRI Profile v1.2
- Azure NIST SP 800-171 R2
- Azure RMiT Malaysia
- Azure CIS Critical Security Controls v8
- Azure PCI DSS v3.2.1
- Azure NIST SP 800-53 R4
- Azure SOX (Section 404)
- Azure Secure Controls Framework (SCF) v2023.1
- Azure ISO 27002:2022
- Azure New Zealand ISM v3.6
- Azure CIS Foundations Benchmark v2.1.0
- Azure CSA CCM v3
- Azure ISO 27001:2013
- Azure SOC 2 (AICPA TSC 2017 Controls)
- Azure HIPAA
- Azure CIS Foundations Benchmark v1.1.0
- Azure NIST SP 800-171 R1
- Azure CloudGuard Best Practices
- Azure Microsoft Cloud Security Benchmark (MCSB) v1
- Azure New Zealand ISM v3.4
- Azure HITRUST CSF v9.5
- Azure ITSG-33 Canada
|
D9.AZU.IAM.48 | Ensure That 'Subscription leaving Microsoft Entra ID directory' and 'Subscription entering Microsoft Entra ID directory' Is Set To 'Permit No One' | Low | Modification | | - Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
| - Ensure That 'Subscription leaving Microsoft Entra ID directory' and 'Subscription entering Microsoft Entra ID directory' Is Set To 'Permit No One'
| - Azure CIS Foundations Benchmark v1.5.0
- Azure NIST SP 800-53 R5
- Azure CIS Foundations Benchmark v2.0.0
- CloudGuard Azure All Rules Ruleset
- Azure CSA CCM v4
- Azure APRA 234
- Azure CMMC 2.0 v1.02
- Azure CRI Profile v1.2
- Azure NIST SP 800-171 R2
- Azure RMiT Malaysia
- Azure CIS Critical Security Controls v8
- Azure FedRAMP R5 (moderate)
- Azure SOX (Section 404)
- Azure Secure Controls Framework (SCF) v2023.1
- Azure CIS Foundations Benchmark v2.1.0
- Azure SOC 2 (AICPA TSC 2017 Controls)
- Azure HIPAA
- Azure CloudGuard Best Practices
- Azure Microsoft Cloud Security Benchmark (MCSB) v1
|
D9.AZU.MON.108 | Ensure that NAT Gateway is Healthy | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CSA CCM v4
- Azure ENS 2022 Spain
- Azure NIST SP 800-171 R2
- Azure NY DFS 23 CRR 500
- Azure ACSC ISM
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure FFIEC Cybersecurity Assessment Tool (CAT)
- Azure Secure Controls Framework (SCF) v2023.1
- Azure EU GDPR
- Azure NIST CSF v1.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
- Azure HIPAA
|
D9.AZU.NET.119 | Ensure that Network Security Group should restrict ArangoDB access (TCP and UDP - port 8529) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.120 | Ensure that Network Security Group should restrict Cassandra access (TCP - port 7000) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.122 | Ensure that Network Security Group should restrict CouchDB access (TCP - port 5984) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.123 | Ensure that Network Security Group should restrict etcd access (TCP - port 2379) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.124 | Ensure that Network Security Group should restrict Kibana access (TCP - port 5601) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.125 | Ensure that Network Security Group should restrict LDAP access (TCP - port 389) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.126 | Ensure that Network Security Group should restrict MaxDB access (TCP - port 7210) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.127 | Ensure that Network Security Group should restrict Memcached access (TCP/UDP - port 11211) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.128 | Ensure that Network Security Group should restrict Neo4J access (TCP - port 7473) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.129 | Ensure that Network Security Group should restrict POP3 access (TCP - port 110) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.130 | Ensure that Network Security Group should restrict Redis access (TCP - port 6379) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.131 | Ensure that Network Security Group should restrict RethinkDB access (TCP - port 8080) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.132 | Ensure that Network Security Group should restrict Riak access (TCP - port 8087) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.133 | Ensure that Network Security Group should restrict Solr access (TCP - port 7574) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.134 | Ensure that Network Security Group should restrict Elastic Search access (TCP - port 9200 and 9300) | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.NET.135 | Ensure that Network Security Group should restrict access over ports higher than 1024 | High | New | | | | - Azure NIST SP 800-53 R5
- Azure PCI DSS v4
- CloudGuard Azure All Rules Ruleset
- Azure CMMC 2.0 v1.02
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure SWIFT Customer Security Programme CSCF
- Azure Secure Controls Framework (SCF) v2023.1
- Azure SOC 2 (AICPA TSC 2017 Controls)
|
D9.AZU.OPE.82 | Ensure NAT Gateway is Configured with Tags | Informational | New | | | | - Azure NIST SP 800-53 R5
- CloudGuard Azure All Rules Ruleset
- Azure NIST SP 800-171 R2
- Azure FedRAMP R5 (moderate)
- Azure ISO 27017:2015
- Azure Secure Controls Framework (SCF) v2023.1
- Azure NIST CSF v1.1
|
D9.AZU.IAM.73 | Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled' | High | Modification | | - Ensure Anonymous Access is Not Turned On for Blob Containers in Microsoft Azure Storage Accounts
| - Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled'
| - Azure CIS Foundations Benchmark v2.0.0
- CloudGuard Azure All Rules Ruleset
- Azure SOX (Section 404)
- Azure ISO 27002:2022
- Azure New Zealand ISM v3.6
- Azure CIS Foundations Benchmark v2.1.0
- Azure HIPAA
|
D9.AWS.IAM.46 | Ensure that Lambda Function execution role policy doesn't have an overly permissive scope (Contains a wildcard) | High | Removal | | | | - AWS LGPD
- AWS NIST SP 800-53 R5
- AWS MITRE ATT&CK Framework v11.3
- AWS PCI DSS v4
- AWS HITRUST CSF v11.0
- AWS NIST SP 800-53 R4
- AWS CSA CCM v4
- CloudGuard AWS All Rules Ruleset
- AWS ISO 27001:2022
- AWS APRA 234
- AWS ENS 2022 Spain
- AWS MLPS 2.0
- AWS CMMC 2.0 v1.02
- AWS PCI DSS v3.2.1
- AWS NIST SP 800-171 R2
- AWS New Zealand ISM v3.6
- AWS CSA CCM v3
- AWS ACSC ISM
- AWS FedRAMP R5 (moderate)
- AWS ISO 27017:2015
- AWS SWIFT Customer Security Programme CSCF
- AWS FFIEC Cybersecurity Assessment Tool (CAT)
- AWS SOX (Section 404)
- AWS Secure Controls Framework (SCF) v2023.1
- AWS ISO 27002:2022
- AWS ISO 27001:2013
- AWS NIST CSF v1.1
- AWS Well-Architected Framework
- AWS CloudGuard Best Practices
- AWS CCPA
- AWS MAS TRM
- AWS NIST SP 800-171 R1
- AWS HITRUST CSF v9.2
- AWS ITSG-33 Canada
- AWS MITRE ATT&CK Framework v10
|