Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
{
"properties": {
"displayName": "NIST SP 800-53 R4",
"policyType": "BuiltIn",
"description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist80053-blueprint.",
"metadata": {
"version": "2.0.1",
"category": "Regulatory Compliance"
},
"policyDefinitions": [
{
"policyDefinitionReferenceId": "AuditSecureTransferToStorageAccounts",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
"parameters": {},
"groupNames": [
"NIST_SP_800-53_R4_SC-8(1)"
]
}
],
"comment": "policyDefinitionGroups go here"
},
"id": "/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f",
"name": "cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f"
}
"policyDefinitionGroups": [
{
"name": "NIST_SP_800-53_R4_SC-8(1)",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)"
}
]
{
"properties": {
"displayName": "Secure transfer to storage accounts should be enabled",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
"metadata": {
"version": "2.0.0",
"category": "Storage"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "The effect determines what happens when the policy rule is evaluated to match"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"anyOf": [
{
"allOf": [
{
"value": "[requestContext().apiVersion]",
"less": "2019-04-01"
},
{
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
"exists": "false"
}
]
},
{
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
"equals": "false"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "404c3081-a854-4457-ae30-26a93ef643f9"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment