Benchmark: 3 Storage Accounts
This section covers security recommendations for setting storage account policies on an Azure subscription. An Azure storage account provides a unique namespace to store and access Azure Storage data objects.
steampipe check azure_compliance.benchmark.cis_v130_3
- 3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
- 3.2 Ensure that storage account access keys are periodically regenerated
- 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests
- 3.4 Ensure that shared access signature tokens expire within an hour
- 3.5 Ensure that 'Public access level' is set to Private for blob containers
- 3.6 Ensure default network access rule for Storage Accounts is set to deny
- 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access
- 3.8 Ensure soft delete is enabled for Azure Storage
- 3.9 Ensure storage for critical data are encrypted with Customer Managed Key
- 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests
- 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests