Interpretation of the Columns in Benchmark Compliance Rules:

- Rule ID: A unique identifier for the specific security rule or check
- Title: A brief description of the security issue or misconfiguration
- Severity (Low to High): Determines the risk of being exposed to attacks
- Service Type: The AWS service affected or evaluated by the rule
- Resource Type: The specific AWS resource being audited

Rule ID | Title | Severity | Service Type | Resource Type |
---|---|---|---|---|
CSPM-AZURE-2024-0201 | Blocked accounts with read and write permissions on Azure resources should be removed | High | Microsoft Entra | Custom Roles |
CSPM-AZURE-2024-0207 | Guest accounts with owner permissions on Azure resources should be removed | High | Microsoft Entra | Users |
CSPM-AZURE-2024-0208 | Guest accounts with read permissions on Azure resources should be removed | Medium | Microsoft Entra | Users |
CSPM-AZURE-2024-0209 | Guest accounts with write permissions on Azure resources should be removed | High | Microsoft Entra | Users |
CSPM-AZURE-2024-0231 | Azure Defender for Azure SQL Database servers should be enabled | High | Microsoft Defender | Security Configurations |
CSPM-AZURE-2024-0476 | Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters | High | AKS | Kubernetes Cluster Extensions |
CSPM-AZURE-2024-0529 | Geo-redundant backup should be enabled for Azure Database for MySQL | High | MySQL | Servers |
CSPM-AZURE-2024-0530 | Geo-redundant backup should be enabled for Azure Database for PostgreSQL | Medium | PostgreSQL | PostgreSQL Server |
CSPM-AZURE-2024-0782 | App Service apps should require FTPS only | Medium | App Service | Apps |
CSPM-AZURE-2024-0788 | Function apps should require FTPS only | High | App Service | App Configuration |
CSPM-AZURE-2024-0789 | Function apps should use the latest TLS version | High | App Service | Apps |
CSPM-AZURE-2024-0792 | Secure transfer to storage accounts should be enabled | High | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0803 | Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest | Medium | Cosmos DB Resource Provider | Cosmos DB Account |
CSPM-AZURE-2024-0833 | Storage accounts should use customer-managed key for encryption | Medium | Storage Resource Provider | Storage Accounts |
CSPM-AZURE-2024-0864 | App Service apps should use latest ‘HTTP Version’ | Medium | App Service | App Configuration |
CSPM-AZURE-2024-0865 | Function apps should use latest ‘HTTP Version’ | Medium | App Service | App Configuration |
CSPM-AZURE-2024-1002-02 | Audit Virtual Machine Scale Sets that do not use managed disks | Medium | Compute | Virtual Machine Scale Sets |
CSPM-AZURE-2024-1012 | Azure Defender for open-source relational databases should be enabled | High | PostgreSQL, MySQL, MariaDB | Databases |
CSPM-AZURE-2024-0703 | Vulnerability assessment should be enabled on SQL Managed Instance | Medium | SQL Database | SQL Managed Instances |
CSPM-AZURE-2024-0609 | Subscriptions should have a contact email address for security issues | Low | Resource Management | Subscriptions |
CSPM-AZURE-2024-0475 | App Service apps should have Client Certificates (Incoming client certificates) enabled | High | App Service | Service Apps |
CSPM-AZURE-2024-0848 | Automation account variables should be encrypted | High | Automation | Variables |
CSPM-AZURE-2024-0781 | App Service apps should only be accessible over HTTPS | High | App Service | App Service Apps |