
microsoftdocs / securitybenchmarks


Supplemental information and resources for the Security Benchmark documentation available at https://docs.microsoft.com/azure/security/benchmarks/.

License: Creative Commons Attribution 4.0 International

securitybenchmarks's Introduction

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Legal Notices

Microsoft and any contributors grant you a license to the Microsoft documentation and other content in this repository under the Creative Commons Attribution 4.0 International Public License, see the LICENSE file, and grant you a license to any code in the repository under the MIT License, see the LICENSE-CODE file.

Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.

Privacy information can be found at https://privacy.microsoft.com/en-us/

Microsoft and any contributors reserve all other rights, whether under their respective copyrights, patents, or trademarks, whether by implication, estoppel or otherwise.

securitybenchmarks's People

Contributors

adjohns, jimcheng-ms, joshmadakor1, microsoft-github-operations[bot], microsoftopensource, msmbaldwin, nagad999, suprizing, txxt168


securitybenchmarks's Issues

Duplicate text

Rows 9 and 10 have the same text CIS Controls v8 ID(s), row 9 should be CIS Controls v7.1 ID(s)

Azure Key Vault - Security Baseline 1.1 - ID 3.10

Hi, I was reviewing the item discussed in the title. It is entitled "Regularly review and reconcile user access" and essentially covers only group membership and role assignment, which is good when the RBAC model is chosen. I wonder if we should be more explicit by referring to Access Policies (see https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy-portal). In fact, they should be revised as well. Do we have a clear guidance on how to revise them, as we have for Azure AD Roles assignment?
FYI: the specific file where I have found the issue is https://github.com/MicrosoftDocs/SecurityBenchmarks/blob/master/Azure%20Offer%20Security%20Baselines/1.1/key-vault-security-baseline-v1.1.xlsx.
Thanks,
Simone Curzi

Missing "h" in description text of Microsoft Cloud Security Benchmark / Microsoft_cloud_security_benchmark_v1.xlsx

Hi,

I noticed that there is an "h" missing in the following text:

This spreadsheet is designed to provide you a private preview version of the Microsoft Cloud Security Benchmark v1. For the web version of the content, please refer to [-->HERE<--] ttps://docs.microsoft.com/en-us/security/benchmark/azure/overview

In my view it should be:

This spreadsheet is designed to provide you a private preview version of the Microsoft Cloud Security Benchmark v1. For the web version of the content, please refer to https://docs.microsoft.com/en-us/security/benchmark/azure/overview

Hence, https instead of ttps

Thanks for fixing this typo!

Azure Compute Windows Baseline

Hello,

I have an issue with the following AzureWindowsBaseline policies:
Accounts: Rename guest account - This does not seem to exist in the SecurityBenchMark

The remediation in Azure is:
To establish the recommended configuration via GP, configure the following UI path: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename guest account

I have set this but it does not reflect in the Policy

Can you advise please?

Asb_v3_to_cmmc

Would you provide a mapping between the new asb v3 and cmmc maturity model?
Thx
