last sync: 2024-Feb-21 20:03:25 UTC

Web Application Firewall (WAF) should enable all firewall rules for Application Gateway

Azure BuiltIn Policy definition

Source Azure Portal
Display name Web Application Firewall (WAF) should enable all firewall rules for Application Gateway
Id 632d3993-e2c0-44ea-a7db-2eca131f356d
Version 1.0.1
Details on versioning
Category Network
Microsoft Learn
Description Enabling all Web Application Firewall (WAF) rules strengthens your application security and protects your web applications against common vulnerabilities. To learn more about Web Application Firewall (WAF) with Application Gateway, visit https://aka.ms/waf-ag
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Network/applicationGateways/webApplicationFirewallConfiguration.disabledRuleGroups[*] Microsoft.Network applicationGateways properties.webApplicationFirewallConfiguration.disabledRuleGroups[*] false
Rule resource types IF (1)
Microsoft.Network/applicationGateways
Compliance
The following 3 compliance controls are associated with this Policy definition 'Web Application Firewall (WAF) should enable all firewall rules for Application Gateway' (632d3993-e2c0-44ea-a7db-2eca131f356d)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Guidelines for M365 Certification Protecting systems and resources Shared n/a Ensures that apps have strong security and compliance practices in place to protect customer data, security, and privacy. link 24
RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Management And Security Network Device Configuration Management-4.3 n/a Ensure that all the network devices are configured appropriately and periodically assess whether the configurations are appropriate to the desired level of network security. 17
RBI_CSF_Banks_v2016 6.7 RBI_CSF_Banks_v2016_6.7 Application Security Life Cycle (Aslc) Application Security Life Cycle (Aslc)-6.7 n/a Ensure that software/application development practices addresses the vulnerabilities based on best practices baselines such as Open Web Application Security Project (OWASP) proactively and adopt principle of defence-in-depth to provide layered security mechanism. 6
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Reserve Bank of India - IT Framework for Banks d0d5578d-cc08-2b22-31e3-f525374f235a Regulatory Compliance Preview BuiltIn
ACAT for Microsoft 365 Certification 80307b86-ab81-45ab-bf4f-4e0b93cf3dd5 Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-23 16:35:49 change Patch (1.0.0 > 1.0.1)
2022-07-08 16:32:07 add 632d3993-e2c0-44ea-a7db-2eca131f356d
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC