compliance controls are associated with this Policy definition 'Storage accounts should have the specified minimum TLS version' (fe83a0eb-a853-422d-aac2-1bffd182c5d0)

| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| ACAT_Security_Policies | | ACAT_Security_Policies | ACAT Security Policies | Guidelines for M365 Certification | Protecting systems and resources | Shared | n/a | Ensures that apps have strong security and compliance practices in place to protect customer data, security, and privacy. | link | 16 |
| CIS_Azure_2.0.0 | 3.15 | CIS_Azure_2.0.0_3.15 | CIS Microsoft Azure Foundations Benchmark recommendation 3.15 | 3 | Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" | Shared | When set to TLS 1.2 all requests must leverage this version of the protocol. Applications leveraging legacy versions of the protocol will fail. | In some cases, Azure Storage sets the minimum TLS version to be version 1.0 by default. TLS 1.0 is a legacy version and has known vulnerabilities. This minimum TLS version can be configured to be later protocols such as TLS 1.2. TLS 1.0 has known vulnerabilities and has been replaced by later versions of the TLS protocol. Continued use of this legacy protocol affects the security of data in transit. | link | 4 |
| CIS_Azure_Foundations_v2.1.0 | 3.15 | CIS_Azure_Foundations_v2.1.0_3.15 | CIS Azure Foundations v2.1.0 3.15 | Storage Accounts | Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" | Shared | n/a | In some cases, Azure Storage sets the minimum TLS version to be version 1.0 by default. TLS 1.0 is a legacy version and has known vulnerabilities. This minimum TLS version can be configured to be later protocols such as TLS 1.2. | | 1 |
| CIS_Azure_Foundations_v3.0.0 | 4.15 | CIS_Azure_Foundations_v3.0.0_4.15 | CIS Azure Foundations v3.0.0 4.15 | 4 | Ensure the 'Minimum TLS version' for Storage Accounts is set to 'Version 1.2' | Shared | n/a | Verify that the 'Minimum TLS version' for Azure storage accounts is set to 'Version 1.2'. This control is essential for ensuring secure data transmission by enforcing the use of a strong TLS protocol, protecting against vulnerabilities associated with older versions. | | 1 |
| CIS_Controls_v8.1 | 3.10 | CIS_Controls_v8.1_3.10 | 404 not found | | | | n/a | n/a | | 8 |
| CIS_Controls_v8.1 | 4.1 | CIS_Controls_v8.1_4.1 | CIS Controls v8.1 4.1 | Secure Configuration of Enterprise Assets and Software | Establish and maintain a secure configuration process. | Shared | 1. Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications). 2. Review and update documentation annually, or when significant enterprise changes occur that could impact this safeguard. | To ensure data integrity and safety of enterprise assets. | | 44 |
| EU_GDPR_2016_679_Art. | 24 | EU_GDPR_2016_679_Art._24 | EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 | Chapter 4 - Controller and processor | Responsibility of the controller | Shared | n/a | n/a | | 306 |
| EU_GDPR_2016_679_Art. | 25 | EU_GDPR_2016_679_Art._25 | EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 | Chapter 4 - Controller and processor | Data protection by design and by default | Shared | n/a | n/a | | 306 |
| EU_GDPR_2016_679_Art. | 28 | EU_GDPR_2016_679_Art._28 | EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 | Chapter 4 - Controller and processor | Processor | Shared | n/a | n/a | | 306 |
| EU_GDPR_2016_679_Art. | 32 | EU_GDPR_2016_679_Art._32 | EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 | Chapter 4 - Controller and processor | Security of processing | Shared | n/a | n/a | | 306 |
| K_ISMS_P_2018 | 2.10.1 | K_ISMS_P_2018_2.10.1 | K ISMS P 2018 2.10.1 | 2.10 | Establish Procedures for Managing the Security of System Operations | Shared | n/a | Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. | | 455 |
| K_ISMS_P_2018 | 2.10.2 | K_ISMS_P_2018_2.10.2 | K ISMS P 2018 2.10.2 | 2.10 | Establish Protective Measures for Administrator Privileges and Security Configurations | Shared | n/a | Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. | | 431 |
| K_ISMS_P_2018 | 2.10.4 | K_ISMS_P_2018_2.10.4 | K ISMS P 2018 2.10.4 | 2.10 | Establish Protective Measures when Working with Electronic Transactions or Fintech Services | Shared | n/a | Establish and implement protective measures such as authentication and encryption to prevent information leakage, data alteration, or fraud when working with electronic transactions and Fintech services. In the event connections to external systems are required, safety must be checked. | | 45 |
| K_ISMS_P_2018 | 2.10.5 | K_ISMS_P_2018_2.10.5 | K ISMS P 2018 2.10.5 | 2.10 | Establish Secure Data Transmission Procedures with External Organizations | Shared | n/a | Establish secure transmission policies, transmission methods, and technical measures for protecting personal information and important information if transmitting data to external organizations. Agreement on management responsibilities for data transmission must be established. | | 30 |
| K_ISMS_P_2018 | 2.7.1b | K_ISMS_P_2018_2.7.1b | K ISMS P 2018 2.7.1b | 2.7 | Ensure Data is Encrypted at Rest and In-Transit | Shared | n/a | Ensure data is encrypted when storing and transmitting personal and important information. | | 70 |
| New_Zealand_ISM | 17.4.16.C.01 | New_Zealand_ISM_17.4.16.C.01 | New_Zealand_ISM_17.4.16.C.01 | 17. Cryptography | 17.4.16.C.01 Using TLS | | n/a | Agencies SHOULD use the current version of TLS (version 1.3). | | 5 |