Azure CIS

%3CLINGO-SUB%20id%3D%22lingo-sub-622042%22%20slang%3D%22en-US%22%3EAzure%20CIS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-622042%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20Security%20center%20-%26gt%3B%20Regulatory%20compliance%2C%20not%20all%20the%20CIS%20benchmark%20recommendations%20are%20listed%20under%20Azure%20CIS%201.1.0.%20for%20example%20under%201.%20Identity%20and%20access%20management%2C%20the%20Recommendations%201.10%20and%201.20%20are%20missing.%3C%2FP%3E%3CP%3EPlease%20confirm%20the%20reasons%20for%20missing%20these%20recommendations.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-622201%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20CIS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-622201%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F345447%22%20target%3D%22_blank%22%3E%40Sivaramas%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-compliance-dashboard%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-compliance-dashboard%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3ESome%20controls%20are%20grayed%20out.%20These%20controls%20do%20not%20have%20any%20Security%20Center%20assessments%20associated%20with%20them.%20You%20need%20to%20analyze%20the%20requirements%20for%20these%20and%20assess%20them%20in%20your%20environment%20on%20your%20own.%20Some%20of%20these%20may%20be%20process-related%20and%20not%20technical.%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlso%20remember%26nbsp%3Bthis%20feature%26nbsp%3Bis%20in%20%3CSTRONG%3EPreview%3C%2FSTRONG%3E%20so%20some%20controls%20are%20not%20yet%20supported%2Fadded.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-632158%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20CIS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-632158%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239477%22%20target%3D%22_blank%22%3E%40Clive%20Watson%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20Clive.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20there%20be%20any%20new%20APIs%20planned%20for%20the%20CIS%20controls%20which%20are%20not%20assessed%3F%20I%20understand%20that%20the%20controls%20should%20be%20technical%20not%20process.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThinking%20whether%20we%20should%20develop%20a%20custom%20code%20or%20wait%20for%20APIs%20from%20Azure%3F%20Appreciate%20your%20response.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-632570%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20CIS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-632570%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F346223%22%20target%3D%22_blank%22%3E%40sivaram1325%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20know%20the%20ASC%20team%20are%20working%20on%20these%2C%20as%20a%20priority%20item%2C%20but%20there%20is%20no%20ETA.%26nbsp%3B%20If%20I%20hear%20more%20I%20will%20share.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-928087%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20CIS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-928087%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239477%22%20target%3D%22_blank%22%3E%40Clive%20Watson%3C%2FA%3E%26nbsp%3B%20Any%20news%20with%20this%3F%20it%20is%20October%202019%20already%3A)%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

In Security center -> Regulatory compliance, not all the CIS benchmark recommendations are listed under Azure CIS 1.1.0. for example under 1. Identity and access management, the Recommendations 1.10 and 1.20 are missing.

Please confirm the reasons for missing these recommendations.

4 Replies

@Sivaramas 

https://docs.microsoft.com/en-us/azure/security-center/security-center-compliance-dashboard

 

Some controls are grayed out. These controls do not have any Security Center assessments associated with them. You need to analyze the requirements for these and assess them in your environment on your own. Some of these may be process-related and not technical.

 

Also remember this feature is in Preview so some controls are not yet supported/added.

@Clive Watson 

 

Thank you Clive.

 

Will there be any new APIs planned for the CIS controls which are not assessed? I understand that the controls should be technical not process.

 

Thinking whether we should develop a custom code or wait for APIs from Azure? Appreciate your response.

@sivaram1325 

 

I know the ASC team are working on these, as a priority item, but there is no ETA.  If I hear more I will share.

@Clive Watson  Any news with this? it is October 2019 already:)