Center for Information Security (CIS) unveils Azure Foundations Benchmark v2.0.0

Center for Information Security (CIS) unveils Azure Foundations Benchmark v2.0.0

The Center for Information Security (CIS) recently unveiled the latest version of their Azure Foundations Benchmark—Version 2.0.0. This is the first major release since the benchmark was originally released more than 4 years ago, which could lead you to believe that this update would come with a bunch of significant changes. However, this release actually brings fewer impactful changes than the minor releases that preceded it.

Instead of sweeping changes, the update includes a number of reconciled and renumbered sections along with some refreshed language and branding.

Rapid7 is actively reviewing the new recommendations and evaluating the need and potential of them being made into insights within InsightCloudSec.

So the changes were minor, but what were they?

Of the 10 sections that make up the benchmark, four sections were expanded with new recommendations:

Section 1 (Identity and Access Management)This was also the only section that had a recommendation removed.Section 4 (Database Services)Section 5 (Logging and Monitoring)Section 7 (Virtual Machines)

Five sections had no changes:

Section 3 (Storage Accounts)Section 6 (Networking)Section 8 (Key Vault)Section 9 (AppService)Section 10 (Miscellaneous)

Section 2 (Microsoft Defender) did not have any additions or subtractions, but did have some alterations related to numbering and categorization.

Section 1 (Identity and Access Management)

This section covers a wide range of recommendations centered around identity and access policies. For 2.0.0, there was one addition:

Recommendation: 1.3 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'

Why it Matters: It is best practice to only allow an administrator to create new tenants. This prevents users from creating new Azure AD or Azure AD B2C tenants and ensures that only authorized users are able to ..

Support the originator by clicking the read the rest link below.