Interpretation of the Columns in Benchmark Compliance Rules:

- Rule ID: A unique identifier for the specific security rule or check
- Title: A brief description of the security issue or misconfiguration
- Severity (Low to High): Indicates the risk of being exposed to attacks
- Service Type: The AWS service affected or evaluated by the rule
- Resource Type: The specific AWS resource being audited

Rule ID | Title | Severity | Service Type | Resource Type |
---|---|---|---|---|
CSPM-AZURE-2024-0199 | Azure AI Services resources should have key access disabled (disable local authentication) | Medium | Azure AI Services | Cognitive Services Account |
CSPM-AZURE-2024-0206 | Function apps should use managed identity | Medium | App Service | Apps |
CSPM-AZURE-2024-0263 | App Configuration should use private link | Medium | App Configuration | Configuration Stores |
CSPM-AZURE-2024-0271 | Azure Cosmos DB accounts should have firewall rules | High | Cosmos DB Resource Provider | Cosmos DB Account |
CSPM-AZURE-2024-0276 | Azure Key Vault should have firewall enabled | High | Key Vault | Key Vaults |
CSPM-AZURE-2024-0299 | Public network access on Azure SQL Database should be disabled | High | SQL Database | SQL Server |
CSPM-AZURE-2024-0300 | Public network access should be disabled for MariaDB servers | High | MariaDB | MariaDB Servers |
CSPM-AZURE-2024-0301 | Public network access should be disabled for MySQL servers | High | MySQL | Servers |
CSPM-AZURE-2024-0302 | Public network access should be disabled for PostgreSQL servers | High | PostgreSQL | PostgreSQL Server |
CSPM-AZURE-2024-0476 | Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters | High | AKS | Kubernetes Cluster Extensions |
CSPM-AZURE-2024-0529 | Geo-redundant backup should be enabled for Azure Database for MySQL | High | MySQL | Servers |
CSPM-AZURE-2024-0530 | Geo-redundant backup should be enabled for Azure Database for PostgreSQL | Medium | PostgreSQL | PostgreSQL Server |
CSPM-AZURE-2024-0771 | Azure Key Vault should have firewall enabled | High | Key Vault | Key Vault |
CSPM-AZURE-2024-0782 | App Service apps should require FTPS only | Medium | App Service | Apps |
CSPM-AZURE-2024-0783 | App Service apps should use the latest TLS version | High | App Service | Apps |
CSPM-AZURE-2024-0788 | Function apps should require FTPS only | High | App Service | App Configuration |
CSPM-AZURE-2024-0789 | Function apps should use the latest TLS version | High | App Service | Apps |
CSPM-AZURE-2024-0792 | Secure transfer to storage accounts should be enabled | High | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0858 | Storage accounts should have infrastructure encryption | Medium | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0864 | App Service apps should use latest ‘HTTP Version’ | Medium | App Service | App Configuration |
CSPM-AZURE-2024-0865 | Function apps should use latest ‘HTTP Version’ | Medium | App Service | App Configuration |
CSPM-AZURE-2024-0260 | Disallow public access to storage accounts | High | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0850 | Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) | Medium | Log Analytics | Clusters |
CSPM-AZURE-2025-0814 | Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys | Medium | AKS | Kubernetes Cluster Extensions |
CSPM-AZURE-2024-0848 | Automation account variables should be encrypted | High | Automation | Variables |
CSPM-AZURE-2024-0781 | App Service apps should only be accessible over HTTPS | High | App Service | App Service Apps |
CSPM-AZURE-2024-0283 | Container registries should not allow unrestricted network access | High | Container Registry | Container Registry |