May 20 2019 11:40 PM
In Security center -> Regulatory compliance, not all the CIS benchmark recommendations are listed under Azure CIS 1.1.0. for example under 1. Identity and access management, the Recommendations 1.10 and 1.20 are missing.
Please confirm the reasons for missing these recommendations.
May 21 2019 12:34 AM - edited May 21 2019 01:18 AM
https://docs.microsoft.com/en-us/azure/security-center/security-center-compliance-dashboard
Some controls are grayed out. These controls do not have any Security Center assessments associated with them. You need to analyze the requirements for these and assess them in your environment on your own. Some of these may be process-related and not technical.
Also remember this feature is in Preview so some controls are not yet supported/added.
May 21 2019 09:11 PM
Thank you Clive.
Will there be any new APIs planned for the CIS controls which are not assessed? I understand that the controls should be technical not process.
Thinking whether we should develop a custom code or wait for APIs from Azure? Appreciate your response.
May 22 2019 01:06 AM
I know the ASC team are working on these, as a priority item, but there is no ETA. If I hear more I will share.