prevasio-key-vault-2

Region: eastus
Overview
Critical: 0
High: 1
Medium: 3
Low: 1
Informational: 0
Security issues (5)
Severity: Low
Issue: Key Vault has no diagnostic settings.
Remediation: To fulfill HIPAA requirements for secure audit records of read/write/delete activities in the system, ensure that AuditEvent logging is enabled for each Key Vault.

Severity: High
Non-Compliance: CIS 8.5
Issue: Key Vault has no Purge Protection and is therefore not recoverable.
Remediation: To prevent permanent deletion/purging of encryption keys, secrets and certificates stored within the Key Vaults, ensure that all Key Vaults have Purge Protection enabled.

Severity: Medium
Non-Compliance: PCI DSS 4.2, HIPAA (Encryption)
Issue: Key Vault has Soft Delete retention period set to 7 days, while the recommended limit is 90 days.
Remediation: To fulfill HIPAA requirements on protecting all encryption mechanisms against loss or modification, ensure that Key Vaults have the recommended Soft Delete retention period, i.e. 90 days.

Severity: Medium
Issue: Key Vault does not grant vault access to trusted Microsoft services.
Remediation: To allow trusted Azure cloud services to work as intended and be able to access your vault resources, enable the "Allow trusted Microsoft services to bypass this firewall" exception in your Key Vault network firewall configuration.

Severity: Medium
Issue: Key Vault allows access to traffic from all networks, including the public Internet.
Remediation: To add a layer of security by limiting access to trusted networks and/or IP addresses, change the Key Vault firewall default action from "Allow" to "Deny" and configure the appropriate access.