The Azure Security Benchmark (ASB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure.

This benchmark is part of a set of holistic security guidance that also includes:

- Cloud Adoption Framework: Guidance on security, including strategy, roles and responsibilities, Azure Top 10 Security Best Practices, and reference implementation.
- Azure Well-Architected Framework: Guidance on securing your workloads on Azure.
- Microsoft Security Best Practices: Recommendations with examples on Azure.
- Microsoft Cybersecurity Reference Architectures (MCRA): Visual diagrams and guidance for security components and relationships.

The Azure Security Benchmark focuses on cloud-centric control areas. These controls are consistent with well-known security benchmarks, such as those described by the Center for Internet Security (CIS) Controls, National Institute of Standards and Technology (NIST), and Payment Card Industry Data Security Standard (PCI-DSS).

Here's what's new in the Azure Security Benchmark v3:

- Mappings to the industry frameworks PCI-DSS v3.2.1 and CIS Controls v8 are added in addition to the existing mappings to CIS Controls v7.1 and NIST SP800-53 Rev4.
- Refining the control guidance to be more granular and actionable, e.g., security guidance is now divided into two separate parts, Security Principle and Azure Guidance.
  - Security Principle is the "what", explaining the control at the technology-agnostic level.
  - Azure Guidance is focused on the "how", elaborating on the relevant technical features and ways to implement the controls in Azure.
- The addition of new control(s), e.g., DevOps Security as a new control family which also includes topics such as threat modeling and software supply chain security.
- Key and certificate management was introduced to recommend key and certificate management best practices in Azure.

The following controls are included in the Azure Security Benchmark v3:

ASB Control Domains

- Network Security covers controls to secure and protect Azure networks, including securing virtual networks, establishing private connections, preventing, and mitigating external attacks, and securing DNS.
- Identity Management covers controls to establish a secure identity and access controls using Azure Active Directory, including the use of single sign-on, strong authentications, managed identities (and service principals) for applications, conditional access, and account anomalies monitoring.
- Privileged Access covers controls to protect privileged access to your Azure tenant and resources, including a range of controls to protect your administrative model, administrative accounts, and privileged access workstations against deliberate and inadvertent risk.
- Data Protection covers control of data protection at rest, in transit, and via authorized access mechanisms, including discover, classify, protect, and monitor sensitive data assets using access control, encryption, key and certificate management in Azure.
- Asset Management covers controls to ensure security visibility and governance over Azure resources, including recommendations on permissions for security personnel, security access to asset inventory, and managing approvals for services and resources (inventory, track, and correct).