Last active
June 29, 2020 22:07
-
-
Save brucedkyle/85cadc5a29e1787db55f8c35170d4c9c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"properties": { | |
"displayName": "NIST SP 800-53 R4", | |
"policyType": "BuiltIn", | |
"description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist80053-blueprint.", | |
"metadata": { | |
"version": "2.0.1", | |
"category": "Regulatory Compliance" | |
}, | |
"policyDefinitions": [ | |
{ | |
"policyDefinitionReferenceId": "AuditSecureTransferToStorageAccounts", | |
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", | |
"parameters": {}, | |
"groupNames": [ | |
"NIST_SP_800-53_R4_SC-8(1)" | |
] | |
} | |
], | |
"comment": "policyDefinitionGroups go here" | |
}, | |
"id": "/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f", | |
"name": "cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f" | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"policyDefinitionGroups": [ | |
{ | |
"name": "NIST_SP_800-53_R4_SC-8(1)", | |
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)" | |
} | |
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"properties": { | |
"displayName": "Secure transfer to storage accounts should be enabled", | |
"policyType": "BuiltIn", | |
"mode": "Indexed", | |
"description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking", | |
"metadata": { | |
"version": "2.0.0", | |
"category": "Storage" | |
}, | |
"parameters": { | |
"effect": { | |
"type": "String", | |
"metadata": { | |
"displayName": "Effect", | |
"description": "The effect determines what happens when the policy rule is evaluated to match" | |
}, | |
"allowedValues": [ | |
"Audit", | |
"Deny", | |
"Disabled" | |
], | |
"defaultValue": "Audit" | |
} | |
}, | |
"policyRule": { | |
"if": { | |
"allOf": [ | |
{ | |
"field": "type", | |
"equals": "Microsoft.Storage/storageAccounts" | |
}, | |
{ | |
"anyOf": [ | |
{ | |
"allOf": [ | |
{ | |
"value": "[requestContext().apiVersion]", | |
"less": "2019-04-01" | |
}, | |
{ | |
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly", | |
"exists": "false" | |
} | |
] | |
}, | |
{ | |
"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly", | |
"equals": "false" | |
} | |
] | |
} | |
] | |
}, | |
"then": { | |
"effect": "[parameters('effect')]" | |
} | |
} | |
}, | |
"id": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", | |
"type": "Microsoft.Authorization/policyDefinitions", | |
"name": "404c3081-a854-4457-ae30-26a93ef643f9" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment