GR7 | Validation 1 | Storage Accounts TLS 1.2 (M) #190

Closed
MathesonSho opened this issue Aug 28, 2024 · 2 comments · Fixed by #275
Labels: Iteration #1 (Before V2.0 go-live), V2.0 (Applicable for updating to v2.0)

MathesonSho commented Aug 28, 2024

TLS/HTTPS Policy Checks

Description: The following are some new controls for the CaC Solution's Guardrail 7. The goal is to determine if TLS 1.2+ or HTTPS encryption is being used for all cloud services, including publicly accessible sites and external communications. The first check will focus on Storage Accounts while the second will look at Other Cloud Apps. The final check will consider firewall configurations. These are built-in policies provided by MS. Note: we will not be able to achieve this check entirely due to the limits in seeing configurations of non-native tools or virtual machines to host websites etc.

ItemName: Storage Accounts TLS 1.2 (M)

  1. This check parses through existing storage accounts. Determine whether every storage account is using a minimum of TLS 1.2. If all storage accounts have TLS 1.2+, then pass. If one or more storage accounts have TLS 1.1 or below, the check will be non-compliant and return the list of storage accounts that do not meet this requirement. Reference: Enforce a minimum required version of Transport Layer Security (TLS) for incoming requests - Azure Storage | Microsoft Learn

ItemName: App Service HTTPS Configuration (M)
2. This check uses built-in Azure Policies and their evaluation to determine compliance. The following check is inside the Canada Federal PBMM:

  • App Service apps should only be accessible over HTTPS

If the PBMM initiative has been applied to the subscription, and the following policy has not been excluded, and the policy compliance results show all compliant resources, then the check is compliant. If there are no applicable resources in the environment, default pass.

ItemName: Function App HTTPS Configuration (M)
3. This check uses built-in Azure Policies and their evaluation to determine compliance. The following check is inside the Canada Federal PBMM:

  • Function apps should only be accessible over HTTPS

If the PBMM initiative has been applied to the subscription, and the following policy has not been excluded, and the policy compliance results show all compliant resources, then the check is compliant. If there are no applicable resources in the environment, default pass.
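The pass/fail logic of item 1 (Storage Accounts TLS 1.2) as an added example; it is not part of the issue and is not the CaC Solution's own code. It assumes input shaped like `az storage account list` JSON (`name`, `resourceGroup`, `minimumTlsVersion`), and it assumes that an unset or unrecognised `minimumTlsVersion` should fail the check, since such an account gives no guarantee of a TLS 1.2 floor.

```python
import json
import re

MIN_TLS = (1, 2)  # threshold from the check: TLS 1.2 or higher passes

# Constructed sample in the shape of `az storage account list` output.
# Account and resource group names are made up for this example.
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "stlogsprod",   "resourceGroup": "rg-logs", "minimumTlsVersion": "TLS1_2"},
  {"name": "stlegacyapp",  "resourceGroup": "rg-app",  "minimumTlsVersion": "TLS1_0"},
  {"name": "stunsetolder", "resourceGroup": "rg-app",  "minimumTlsVersion": null},
  {"name": "stnewest",     "resourceGroup": "rg-data", "minimumTlsVersion": "TLS1_3"}
]
""")


def parse_tls(value):
    """Turn 'TLS1_2' into (1, 2); return None for unset or unrecognised values."""
    m = re.fullmatch(r"TLS(\d+)_(\d+)", value if isinstance(value, str) else "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def evaluate_storage_tls(accounts):
    """Return (compliant, findings); findings lists every account below TLS 1.2."""
    findings = []
    for acct in accounts:
        raw = acct.get("minimumTlsVersion")
        version = parse_tls(raw)
        # Assumption: unset/unknown values fail rather than pass silently.
        if version is None or version < MIN_TLS:
            findings.append({
                "name": acct.get("name"),
                "resourceGroup": acct.get("resourceGroup"),
                "minimumTlsVersion": raw if raw is not None else "(not set)",
            })
    # An empty account list passes: "all storage accounts" is vacuously true.
    return (not findings, findings)


if __name__ == "__main__":
    compliant, findings = evaluate_storage_tls(SAMPLE_ACCOUNTS)
    print("Compliant" if compliant else "Non-compliant")
    for f in findings:
        print(f"  {f['resourceGroup']}/{f['name']}: {f['minimumTlsVersion']}")
```
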

MathesonSho added the DoNotStart (Do not start the development yet) and V2.0 (Applicable for updating to v2.0) labels and removed the DoNotStart (Do not start the development yet) label Aug 28, 2024
dutt0 added the Iteration #1 (Before V2.0 go-live) label Sep 12, 2024
dutt0 changed the title from "GR7 | Validation 1" to "GR7 | Validation 1 Mandatory Controls" Sep 20, 2024
dutt0 commented Sep 20, 2024

Created another ticket with all the recommended controls from here.

dutt0 changed the title from "GR7 | Validation 1 Mandatory Controls" to "GR7 | Validation 1 (M)" Sep 20, 2024
dutt0 assigned dutt0 and unassigned singhgss Oct 10, 2024
dutt0 removed their assignment Oct 24, 2024
dutt0 self-assigned this Nov 19, 2024
dutt0 added the PriorityForAssignees -Next (This issue is considered low priority for the assignee this week) label Nov 19, 2024
dutt0 changed the title from "GR7 | Validation 1 (M)" to "GR7 | Validation 1 Storage Accounts TLS 1.2 (M)" Nov 20, 2024
dutt0 changed the title from "GR7 | Validation 1 Storage Accounts TLS 1.2 (M)" to "GR7 | Validation 1 | Storage Accounts TLS 1.2 (M)" Nov 20, 2024
dutt0 commented Nov 20, 2024

Created another ticket with the app HTTPS configuration controls from here.

dutt0 linked a pull request Nov 20, 2024 that will close this issue (6 tasks)
dutt0 removed the PriorityForAssignees -Next (This issue is considered low priority for the assignee this week) label Nov 29, 2024