Interpretation of the Columns in Benchmark Compliance Rules:

- Rule ID: A unique identifier for the specific security rule or check
- Title: A brief description of the security issue or misconfiguration
- Severity (Low, Medium, High, Critical): Indicates the risk of exposure to attack if the finding is left unaddressed
- Service Type: The Azure service affected or evaluated by the rule
- Resource Type: The specific Azure resource being audited

Rule ID | Title | Severity | Service Type | Resource Type |
---|---|---|---|---|
CSPM-AZURE-2024-0003 | App Service Authentication is Disabled | High | Web | Authentication Settings |
CSPM-AZURE-2024-0005 | FTP Deployment is Enabled | High | Web | App Configuration |
CSPM-AZURE-2024-0006 | HTTP 2.0 Disabled | Medium | Web | App Configuration |
CSPM-AZURE-2024-0007 | HTTP traffic is Permitted | High | Web | Apps |
CSPM-AZURE-2024-0011 | Web Application is using an Outdated PHP Version | High | Web | App Configuration |
CSPM-AZURE-2024-0012 | Web Application is using an Outdated Python Version | High | Web | App Configuration |
CSPM-AZURE-2024-0013 | Insecure TLS Version Detected | High | Web | Apps |
CSPM-AZURE-2024-0015 | Key Vault, if deleted or purged, is Not Recoverable | High | Key Vault | Key Vaults |
CSPM-AZURE-2024-0017 | Key Vault Role Based Access Control Disabled | High | Key Vault | Key Vaults |
CSPM-AZURE-2024-0071 | Secure Transfer (HTTPS) is Not Enforced on Storage Accounts | Critical | Storage | Storage Accounts |
CSPM-AZURE-2024-0074 | Storage Accounts Allows Public Access | High | Storage | Storage Accounts |
CSPM-AZURE-2024-0075 | Storage Account Soft Delete is Disabled | Medium | Storage | Blob Services |
CSPM-AZURE-2024-0076 | “Allow trusted Microsoft services” is Disabled on Storage Accounts | Medium | Storage | Storage Accounts |
CSPM-AZURE-2024-0131 | Ensure that “Enable Infrastructure Encryption” for Each Storage Account in Azure Storage is Set to “enabled” (Automated) | Critical | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0132 | Ensure that ‘Enable key rotation reminders’ is enabled for each Storage Account (Manual) | Critical | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0133 | Ensure that Storage Account Access Keys are Periodically Regenerated (Manual) | Medium | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0136 | Ensure Default Network Access Rule for Storage Accounts is Set to Deny (Automated) | Critical | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0151 | Use Entra ID Client Authentication and Azure RBAC where possible. (Manual) | Critical | Cosmos DB Resource Provider | Cosmos DB Account |
CSPM-AZURE-2024-0154 | Ensure that Network Security Group Flow logs are captured and sent to Log Analytics (Manual) | Critical | Network Watchers | Network Watchers Flow Logs |
CSPM-AZURE-2024-0167-03 | Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads) | Critical | Redis Cache | Redis Cache |
CSPM-AZURE-2024-0167-04 | Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads) | Critical | SQL Database | SQL Database |
CSPM-AZURE-2024-0186 | Ensure that Register with Entra ID is enabled on App Service (Automated) | Critical | App Service | Apps |
CSPM-AZURE-2024-0134 | Ensure Storage Logging is Enabled for Queue Service for “Read”, “Write”, and “Delete” requests (Automated) | Critical | Storage Resource Provider | Storage Accounts Queue Services |
CSPM-AZURE-2024-0135 | Ensure that Shared Access Signature Tokens Expire Within an Hour (Manual) | Critical | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0054 | Data Encryption is Disabled for SQL Databases | High | SQL | SQL DB Transparent Data Encryption |
CSPM-AZURE-2024-0050 | SQL Database Allows Ingress 0.0.0.0/0 (Any IP) | High | SQL | SQL Firewall Rules |
CSPM-AZURE-2024-0052 | Auditing is Disabled for SQL Databases | Medium | SQL | SQL Auditing Settings |
CSPM-AZURE-2024-0184 | Ensure that Private Endpoints are used for Azure Key Vault (Manual) | Critical | Key Vault | Key Vaults |
CSPM-AZURE-2024-0138 | Ensure Storage for Critical Data are Encrypted with Customer Managed Keys (CMK) | Critical | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0179 | Ensure Trusted Launch is enabled on Virtual Machines (Automated) | Critical | Compute | Virtual Machines |
CSPM-AZURE-2024-0147 | Ensure server parameter “audit_log_enabled” is set to “ON” for MySQL Database Server (Manual) | Critical | MySQL Flexible Servers | MySQL Flexible Servers |
CSPM-AZURE-2024-0148 | Ensure server parameter “audit_log_events” has “CONNECTION” set for MySQL Database Server (Manual) | Critical | MySQL Flexible Servers | MySQL Flexible Servers |
CSPM-AZURE-2024-0146 | Ensure “TLS Version” is set to “TLSV1.2” (or higher) for MySQL flexible Database Server (Automated) | Critical | MySQL Flexible Servers | MySQL Flexible Servers |
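The table lists what each rule looks for but not where the setting lives. The script below is an added example, not tooling from the benchmark or from any CSPM product: it evaluates the Storage Account and App Service rules from the table against the JSON that `az storage account show` and `az webapp show` / `az webapp config show` return. The property names (`enableHttpsTrafficOnly`, `allowBlobPublicAccess`, `networkRuleSet.defaultAction`, `encryption.requireInfrastructureEncryption`, `keyPolicy.keyExpirationPeriodInDays`, `httpsOnly`, `minTlsVersion`, `ftpsState`, `http20Enabled`, `identity.type`) are those of the Azure CLI output; the mapping from each rule ID to a property is this example's own assumption, and the sample documents are constructed inline so it runs offline.

```python
"""Map benchmark rule IDs to Azure CLI resource properties and report failures.

Added example (not the benchmark's own tooling). Rule-to-property mapping is an
assumption made here; sample documents below are constructed, not real accounts.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Rule:
    rule_id: str
    title: str
    severity: str
    check: Callable[[dict[str, Any]], bool]  # True when the resource is COMPLIANT


def _get(doc: dict[str, Any], path: str, default: Any = None) -> Any:
    """Walk a dotted path through nested dicts; tolerate null or missing keys."""
    cur: Any = doc
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def _tls_at_least_1_2(value: Any) -> bool:
    """App Service reports minTlsVersion as a string such as "1.0" or "1.2"."""
    try:
        return float(value) >= 1.2
    except (TypeError, ValueError):
        return False


# Evaluated against `az storage account show -n <name> -o json`.
STORAGE_RULES = [
    Rule("CSPM-AZURE-2024-0071", "Secure Transfer (HTTPS) is Not Enforced", "Critical",
         lambda d: _get(d, "enableHttpsTrafficOnly") is True),
    Rule("CSPM-AZURE-2024-0074", "Storage Account Allows Public Access", "High",
         lambda d: _get(d, "allowBlobPublicAccess") is False),
    Rule("CSPM-AZURE-2024-0076", "Allow trusted Microsoft services is Disabled", "Medium",
         lambda d: "AzureServices" in (_get(d, "networkRuleSet.bypass", "") or "")),
    Rule("CSPM-AZURE-2024-0131", "Infrastructure Encryption is not enabled", "Critical",
         lambda d: _get(d, "encryption.requireInfrastructureEncryption") is True),
    Rule("CSPM-AZURE-2024-0132", "Key rotation reminders are not enabled", "Critical",
         lambda d: _get(d, "keyPolicy.keyExpirationPeriodInDays") is not None),
    Rule("CSPM-AZURE-2024-0136", "Default Network Access Rule is not Deny", "Critical",
         lambda d: _get(d, "networkRuleSet.defaultAction") == "Deny"),
    Rule("CSPM-AZURE-2024-0138", "Not encrypted with Customer Managed Keys", "Critical",
         lambda d: _get(d, "encryption.keySource") == "Microsoft.Keyvault"),
]

# Evaluated against `az webapp show` merged with `az webapp config show`.
WEBAPP_RULES = [
    Rule("CSPM-AZURE-2024-0005", "FTP Deployment is Enabled", "High",
         lambda d: _get(d, "ftpsState") in ("Disabled", "FtpsOnly")),
    Rule("CSPM-AZURE-2024-0006", "HTTP 2.0 Disabled", "Medium",
         lambda d: _get(d, "http20Enabled") is True),
    Rule("CSPM-AZURE-2024-0007", "HTTP traffic is Permitted", "High",
         lambda d: _get(d, "httpsOnly") is True),
    Rule("CSPM-AZURE-2024-0013", "Insecure TLS Version Detected", "High",
         lambda d: _tls_at_least_1_2(_get(d, "minTlsVersion"))),
    Rule("CSPM-AZURE-2024-0186", "Register with Entra ID (managed identity) is not enabled",
         "Critical",
         lambda d: "SystemAssigned" in (_get(d, "identity.type", "") or "")),
]

_SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def failing_rules(doc: dict[str, Any], rules: list[Rule]) -> list[str]:
    """Return IDs of violated rules, most severe first, then by rule ID."""
    failed = [r for r in rules if not r.check(doc)]
    return [r.rule_id for r in sorted(failed, key=lambda r: (_SEVERITY_ORDER[r.severity], r.rule_id))]


# Constructed samples (not real resources): one weak and one hardened of each kind.
WEAK_STORAGE = {
    "name": "stexampleweak", "enableHttpsTrafficOnly": False, "allowBlobPublicAccess": True,
    "networkRuleSet": {"defaultAction": "Allow", "bypass": "None"},
    "encryption": {"keySource": "Microsoft.Storage", "requireInfrastructureEncryption": False},
    "keyPolicy": None,
}
HARDENED_STORAGE = {
    "name": "stexamplehard", "enableHttpsTrafficOnly": True, "allowBlobPublicAccess": False,
    "networkRuleSet": {"defaultAction": "Deny", "bypass": "Logging, Metrics, AzureServices"},
    "encryption": {"keySource": "Microsoft.Keyvault", "requireInfrastructureEncryption": True},
    "keyPolicy": {"keyExpirationPeriodInDays": 90},
}
WEAK_WEBAPP = {"name": "app-weak", "httpsOnly": False, "identity": None,
               "minTlsVersion": "1.0", "ftpsState": "AllAllowed", "http20Enabled": False}
HARDENED_WEBAPP = {"name": "app-hard", "httpsOnly": True, "identity": {"type": "SystemAssigned"},
                   "minTlsVersion": "1.2", "ftpsState": "Disabled", "http20Enabled": True}

if __name__ == "__main__":
    import sys
    # Usage: az storage account show -n NAME -o json | python audit.py
    #        (pass --webapp for a merged `az webapp show` + `az webapp config show` document)
    rules = WEBAPP_RULES if "--webapp" in sys.argv[1:] else STORAGE_RULES
    for rule_id in failing_rules(json.load(sys.stdin), rules):
        print("FAIL", rule_id)
```

For the App Service rules, `httpsOnly` and `identity` come from `az webapp show` while `minTlsVersion`, `ftpsState` and `http20Enabled` come from `az webapp config show`; merge the two documents before piping them in, for example with `jq -s add`. Rules the table marks as Manual (such as 0132 and 0135) are still only partially automatable: the key-expiration reminder can be read from the account, but whether keys were actually rotated or whether issued SAS tokens expire within an hour requires reviewing activity logs and the code that mints the tokens.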