AzPolicyAdvertizer

last sync: 2021-Sep-22 19:36:51 UTC

Azure Policy definition

Keys using RSA cryptography should have a specified minimum key size

Name Keys using RSA cryptography should have a specified minimum key size
Azure Portal
Id 82067dbb-e53b-4e06-b631-546d197452d9
Version 1.0.1
details on versioning
Category Key Vault
Microsoft docs
Description Set the minimum allowed key size for use with your key vaults. Use of RSA keys with small key sizes is not a secure practice and doesn't meet many industry certification requirements.
Mode Microsoft.KeyVault.Data
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-08-30 14:27:30 change Patch, old suffix: preview (1.0.0-preview > 1.0.1)
2020-10-16 12:27:50 add 82067dbb-e53b-4e06-b631-546d197452d9
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
JSON Changes

JSON 
{
  "displayName": "Keys using RSA cryptography should have a specified minimum key size",
  "policyType": "BuiltIn",
  "mode": "Microsoft.KeyVault.Data",
  "description": "Set the minimum allowed key size for use with your key vaults. Use of RSA keys with small key sizes is not a secure practice and doesn't meet many industry certification requirements.",
  "metadata": {
    "version": "1.0.1",
    "category": "Key Vault"
  },
  "parameters": {
    "minimumRSAKeySize": {
      "type": "Integer",
      "metadata": {
        "displayName": "Minimum RSA key size",
        "description": "The minimum key size for RSA keys."
      },
      "allowedValues": [
        2048,
        3072,
        4096
      ]
    },
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy."
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.KeyVault.Data/vaults/keys"
        },
        {
          "field": "Microsoft.KeyVault.Data/vaults/keys/keyType",
          "in": [
            "RSA",
            "RSA-HSM"
          ]
        },
        {
          "field": "Microsoft.KeyVault.Data/vaults/keys/keySize",
          "less": "[parameters('minimumRSAKeySize')]"
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  }
}