prevasiostorageaccount
Region: eastus
Overview
Critical: 0
High: 0
Medium: 5
Low: 0
Informational: 0
Security issues (5)
Severity | Non-Compliance | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|
Medium | CIS 3.12 | Storage Account uses Microsoft managed key instead of BYOK (Bring Your Own Key). | For greater control, transparency and security through full control of the encryption keys, ensure your Storage Account data at rest is protected with a key from your own Azure Key Vault. | More info | |
Medium | CIS 3.9 | Storage Account is configured not to allow trusted Azure services to access it. | To allow trusted cloud services to access your Storage Account while firewall rules are enabled, add an exception so that the trusted Azure services can bypass your network rules and still access your Storage Account. | More info | |
Medium | CIS 3.15 PCI DSS (Old Protocols) | Storage Account has TLS version 1.0, which is lower than the desired TLS version 1.2. | To comply with the industry standards, ensure your Storage Account uses TLS 1.2 or higher for all TLS connections. | More info | |
Medium | CIS 3.1 PCI DSS 4.2 HIPAA (Encryption) | Storage Account allows insecure HTTP origin. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, ensure only HTTPS traffic is allowed to Storage Account endpoints. | More info | |
Medium | CIS 3.11 | Storage Account Blob has Soft Delete data retention period configured to 3 days, while the recommended minimum is 31 days or more. | To handle your data restoration process more efficiently in the event of a failure, ensure that your Storage Blob objects have a sufficient Soft Delete data retention period, i.e. greater than 30 days. | More info | |