last sync: 2021-Jan-27 16:54:46 UTC

Azure Policy definition

[Preview]: Keys using RSA cryptography should have a specified minimum key size

Name [Preview]: Keys using RSA cryptography should have a specified minimum key size
Id 82067dbb-e53b-4e06-b631-546d197452d9
Version 1.0.0-preview
Category Key Vault
Description Set the minimum allowed key size for use with your key vaults. Use of RSA keys with small key sizes is not a secure practice and doesn't meet many industry certification requirements.
Mode Microsoft.KeyVault.Data
Type BuiltIn
Preview True
Deprecated False
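Effect Default: Audit (RSA keys below the minimum size are flagged as non-compliant but can still be created; the Deny effect is needed to block creation)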
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-10-16 12:27:50 add 82067dbb-e53b-4e06-b631-546d197452d9
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
Json
{
  "properties": {
  "displayName": "[Preview]: Keys using RSA cryptography should have a specified minimum key size",
    "policyType": "BuiltIn",
    "mode": "Microsoft.KeyVault.Data",
    "description": "Set the minimum allowed key size for use with your key vaults. Use of RSA keys with small key sizes is not a secure practice and doesn't meet many industry certification requirements.",
    "metadata": {
      "version": "1.0.0-preview",
      "category": "Key Vault",
      "preview": true
    },
    "parameters": {
      "minimumRSAKeySize": {
        "type": "Integer",
        "metadata": {
        "displayName": "[Preview]: Minimum RSA key size",
          "description": "The minimum key size for RSA keys."
        },
        "allowedValues": [
          2048,
          3072,
          4096
        ]
      },
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect",
          "description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy."
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.KeyVault.Data/vaults/keys"
          },
          {
            "field": "Microsoft.KeyVault.Data/vaults/keys/keyType",
            "in": [
              "RSA",
              "RSA-HSM"
            ]
          },
          {
            "field": "Microsoft.KeyVault.Data/vaults/keys/keySize",
          "less": "[parameters('minimumRSAKeySize')]"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "82067dbb-e53b-4e06-b631-546d197452d9"
}