Control: 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled"
None of the settings offered by ASC Default policy should be set to effect Disabled. A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is set of security recommendations based on best practices.
Enabling recommendations in ASC default policy ensures that Azure security center provides ability to monitor all of the supported recommendations and allow automated action optionally for few of the supported recommendations.
Perform the following action to check ASC Default policy is set to enabled:
- Login to Azure console and navigate to Security Center.
Security policyblade under Management.
- Click on the subscription name,
- Expand All the available sections.
- Ensure that any of the setting is not set to Disabled.
Perform the following action to enable ASC Default policies:
- Navigate to Azure
- On Policy
Overviewtab, click on Policy
- On ASC Default blade, click on
- In section
Parameters, configure the impacted setting to any other available value than
- Click Review + Save.
- Click Save.
steampipe check azure_compliance.control.cis_v130_2_12
This control uses a named query:securitycenter_asc_default_setting_not_disabled