CIS Microsoft Azure Foundations Benchmark 1.3.1

4min

Policy Pack based on the Azure Foundations 1.3.1 benchmark provided by the Center for Internet Security (CIS)﻿
First Steps
Install Cloud Graph CLI.
Set up the Azure Provider for CG with the cg init azure command.
Add Policy Pack for CIS Microsoft Azure Foundations benchmark using cg policy add azure-cis-1.3.1 command.
Execute the ruleset using the scan command cg scan azure.
Query the findings using the different options:
Use the CloudGraph Policy Pack for Azure CIS 1.3.1 to query all of your CIS findings for all of your Azure Accounts:
GraphQL
|
query {
  queryazureCISFindings {
    id
    resourceId
    result
    rule {
      id
      severity
      title
      description
      audit
      rationale
      remediation
      references
    }
  }
}
query {
  queryazureCISFindings {
    id
    resourceId
    result
    rule {
      id
      severity
      title
      description
      audit
      rationale
      remediation
      references
    }
  }
}
﻿
Querying findings by resource:
GraphQL
|
query {
  queryazureSecurityPricing {
    id
    CISFindings {
      id
      resourceId
      result
      rule {
        id
        severity
        title
        description
        audit
        rationale
        remediation
        references
      }
    }
  }
}
query {
  queryazureSecurityPricing {
    id
    CISFindings {
      id
      resourceId
      result
      rule {
        id
        severity
        title
        description
        audit
        rationale
        remediation
        references
      }
    }
  }
}
﻿
Available Ruleset
Please see the CIS 1.3.1 README for a table of available rules.

Updated 03 Mar 2023

Did this page help you?

Azure Policy Packs

NIST 800-53 Rev. 4 for Azure

TABLE OF CONTENTS