As a security best practice, API endpoints that haven't received traffic for 30 days are considered unused and should be removed from the Azure API Management service. Keeping unused API endpoints may pose a security risk to your organization. These may be APIs that should have been deprecated from the Azure API Management service but may have been accidentally left active. Such APIs typically do not receive the most up to date security coverage.
Unknown: there is no evidence whether this Policy definition is available in AzureUSGovernment.
Assessment(s)
Assessments count: 1
Assessment Id: 4e8c00a2-e8bc-42a8-9e12-99584a51ad10
DisplayName: API endpoints that are unused should be disabled and removed from the Azure API Management service
Description: API endpoints that have not received traffic for 30 days are deemed unused and pose a potential security risk. They may have been left active accidentally when they should have been deprecated. These unused APIs often lack the latest security updates, making them vulnerable. We recommend disabling and removing these endpoints from the Azure API Management service to prevent potential security breaches. Related OWASP API Security Top 10 Risks: (API8:2023) Security Misconfiguration
Remediation description: Note: Manually verify that the API endpoint is unused and consider any potential impact this may cause before removing the API endpoint from the Azure API Management service.
1. Navigate to the Azure API Management service to locate the unhealthy resources within the Azure Portal.
2. In the left pane, select APIs.
3. Select the API with the associated API collection name that is hosting the affected API endpoint (in Azure API Management, known as "API operation").
4. Select the ellipses (...) next to the endpoint and select "Delete" to remove the unused API endpoint.
Categories: Data
Severity: Low
Implementation effort: Low
Threats: MissingCoverage
The following 4 compliance controls are associated with this Policy definition 'API endpoints that are unused should be disabled and removed from the Azure API Management service' (c8acafaf-3d23-44d1-9624-978ef0f8652c)
**Security Principle:**
Ensure security attributes or configurations of the assets are always updated during the asset lifecycle.
**Azure Guidance:**
Establish or update security policies/process that address asset lifecycle management processes for potentially high impact modifications. These modifications include changes to identity providers and access, data sensitivity, network configuration, and administrative privilege assignment.
Remove Azure resources when they are no longer needed.
**Implementation and additional context:**
Delete Azure resource group and resource:
https://docs.microsoft.com/azure/azure-resource-manager/management/delete-resource-group
Establish Procedures for Managing the Security of System Operations
Shared
n/a
Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions.
Establish Protective Measures for Administrator Privileges and Security Configurations
Shared
n/a
Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations.
Agencies intending to adopt cloud technologies or services SHOULD apply controls to detect and prevent unauthorised data transfers and multiple or large scale data transfers to offshore locations and entities.
Patch, old suffix: preview (1.0.0-preview > 1.0.1)
2023-08-03 17:56:09
add
c8acafaf-3d23-44d1-9624-978ef0f8652c
JSON compare
1.0.0-preview → 1.0.1RENAMED
@@ -1,13 +1,12 @@
1
{
2
- "displayName": "[Preview]: API endpoints that are unused should be disabled and removed from the Azure API Management service",
3
"policyType": "BuiltIn",
4
"mode": "All",
5
"description": "As a security best practice, API endpoints that haven't received traffic for 30 days are considered unused and should be removed from the Azure API Management service. Keeping unused API endpoints may pose a security risk to your organization. These may be APIs that should have been deprecated from the Azure API Management service but may have been accidentally left active. Such APIs typically do not receive the most up to date security coverage.",
6
"metadata": {
7
"category": "Security Center",
8
- "preview": true,
9
- "version": "1.0.0-preview"
10
},
11
"parameters": {
12
"effect": {
13
"type": "String",
1
{
2
+ "displayName": "API endpoints that are unused should be disabled and removed from the Azure API Management service",
3
"policyType": "BuiltIn",
4
"mode": "All",
5
"description": "As a security best practice, API endpoints that haven't received traffic for 30 days are considered unused and should be removed from the Azure API Management service. Keeping unused API endpoints may pose a security risk to your organization. These may be APIs that should have been deprecated from the Azure API Management service but may have been accidentally left active. Such APIs typically do not receive the most up to date security coverage.",
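Review bot: on the removed side, lines 8-9 drop "preview": true and "version": "1.0.0-preview" from metadata, but the added side shown here stops at the description, so the replacement version entry is not visible; confirm that metadata now carries "version": "1.0.1" to match the 1.0.0-preview → 1.0.1 header and that no "preview" key remains. The displayName at line 2 also loses its "[Preview]: " prefix, so anything that selects this policy by display name rather than by definition id c8acafaf-3d23-44d1-9624-978ef0f8652c (compliance reports, exemption lists, alert rules) should be checked and switched to the id.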
displayName: "API endpoints that are unused should be disabled and removed from the Azure API Management service",
policyType: "BuiltIn",
mode: "All",
description: "As a security best practice, API endpoints that haven't received traffic for 30 days are considered unused and should be removed from the Azure API Management service. Keeping unused API endpoints may pose a security risk to your organization. These may be APIs that should have been deprecated from the Azure API Management service but may have been accidentally left active. Such APIs typically do not receive the most up to date security coverage.",