From c473a8d4da1caa6f9a5cee8777f71a2b7b9417f7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 9 Aug 2024 10:07:42 -0500 Subject: [PATCH] Update active policy list (#2520) Co-authored-by: XOmniverse --- .../active_policy_list.json | 312 ++++++++++++------ 1 file changed, 207 insertions(+), 105 deletions(-) diff --git a/data/active_policy_list/active_policy_list.json b/data/active_policy_list/active_policy_list.json index 50d54dacac..6292f2ecaf 100644 --- a/data/active_policy_list/active_policy_list.json +++ b/data/active_policy_list/active_policy_list.json @@ -1581,6 +1581,23 @@ "generally_recommended": false, "deprecated": false }, + { + "name": "Azure Blob Storage Accounts Without Soft Delete Enabled", + "file_name": "security/azure/storage_soft_delete/storage_soft_delete.pt", + "version": "3.0.0", + "change_log": "security/azure/storage_soft_delete/CHANGELOG.md", + "description": "Reports any Azure Blob Storage Accounts that do not have soft delete enabled. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_soft_delete/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", + "category": "Security", + "severity": "high", + "readme": "security/azure/storage_soft_delete/README.md", + "provider": "Azure", + "service": "Storage", + "policy_set": "CIS", + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Azure Blob Storage Optimization", "file_name": "cost/azure/blob_storage_optimization/azure_blob_storage_optimization.pt", @@ -1700,91 +1717,6 @@ "generally_recommended": false, "deprecated": false }, - { - "name": "Azure Ensure Soft Delete Enabled For Azure Storage", - "file_name": "security/azure/storage_soft_delete/storage_soft_delete.pt", - "version": "2.3", - "change_log": "security/azure/storage_soft_delete/CHANGELOG.md", - "description": "Report if the storage service does not have soft delete enabled. \n See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_soft_delete/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", - "category": "Security", - "severity": "high", - "readme": "security/azure/storage_soft_delete/README.md", - "provider": "Azure", - "service": "Storage", - "policy_set": "CIS", - "recommendation_type": null, - "updated_at": "2024-02-08T15:32:22Z", - "generally_recommended": false, - "deprecated": false - }, - { - "name": "Azure Ensure Storage Account Default Network Access Set To Deny", - "file_name": "security/azure/storage_network_deny/storage_network_deny.pt", - "version": "2.3", - "change_log": "security/azure/storage_network_deny/CHANGELOG.md", - "description": "Report if any storage accounts do not have their default network access set to 'deny'. \n See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_network_deny) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", - "category": "Security", - "severity": "high", - "readme": "security/azure/storage_network_deny/README.md", - "provider": "Azure", - "service": "Storage", - "policy_set": "CIS", - "recommendation_type": null, - "updated_at": "2024-02-08T15:32:22Z", - "generally_recommended": false, - "deprecated": false - }, - { - "name": "Azure Ensure Storage Accounts Require Secure TLS Version", - "file_name": "security/azure/storage_tls_version/storage_tls_version.pt", - "version": "2.3", - "change_log": "security/azure/storage_tls_version/CHANGELOG.md", - "description": "Report if any storage accounts are not configured to require TLS 1.2. \n See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_tls_version) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", - "category": "Security", - "severity": "high", - "readme": "security/azure/storage_tls_version/README.md", - "provider": "Azure", - "service": "Storage", - "policy_set": "CIS", - "recommendation_type": null, - "updated_at": "2024-02-08T15:32:22Z", - "generally_recommended": false, - "deprecated": false - }, - { - "name": "Azure Ensure Storage Logging Enabled For Table Service", - "file_name": "security/azure/table_storage_logging/table_storage_logging.pt", - "version": "2.3", - "change_log": "security/azure/table_storage_logging/CHANGELOG.md", - "description": "Report if any storage table accounts are not configured to log read, write, and delete requests. \n See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/table_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", - "category": "Security", - "severity": "high", - "readme": "security/azure/table_storage_logging/README.md", - "provider": "Azure", - "service": "Storage", - "policy_set": "CIS", - "recommendation_type": null, - "updated_at": "2024-02-08T15:32:22Z", - "generally_recommended": false, - "deprecated": false - }, - { - "name": "Azure Ensure Trusted Microsoft Services Enabled", - "file_name": "security/azure/storage_trusted_services/storage_trusted_services.pt", - "version": "2.3", - "change_log": "security/azure/storage_trusted_services/CHANGELOG.md", - "description": "Report if any storage accounts do not have access enabled for Trusted Microsoft Services. \n See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_trusted_services/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", - "category": "Security", - "severity": "high", - "readme": "security/azure/storage_trusted_services/README.md", - "provider": "Azure", - "service": "Storage", - "policy_set": "CIS", - "recommendation_type": null, - "updated_at": "2024-02-08T15:32:22Z", - "generally_recommended": false, - "deprecated": false - }, { "name": "Azure Expiring Certificates", "file_name": "operational/azure/azure_certificates/azure_certificates.pt", @@ -2635,12 +2567,29 @@ "generally_recommended": false, "deprecated": false }, + { + "name": "Azure Storage Accounts Allowing Default Network Access", + "file_name": "security/azure/storage_network_deny/storage_network_deny.pt", + "version": "3.0.0", + "change_log": "security/azure/storage_network_deny/CHANGELOG.md", + "description": "Reports any Azure Storage Accounts that do not have their default network access set to 'deny'. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_network_deny) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", + "category": "Security", + "severity": "high", + "readme": "security/azure/storage_network_deny/README.md", + "provider": "Azure", + "service": "Storage", + "policy_set": "CIS", + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Azure Storage Accounts Without HTTPs Enforced", "file_name": "security/azure/storage_account_https_enabled/azure_storage_account_https_enabled.pt", - "version": "2.7", + "version": "2.7.1", "change_log": "security/azure/storage_account_https_enabled/CHANGELOG.md", - "description": "Checks for Azure Storage Accounts with HTTPs not enforced.\n See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_account_https_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.", + "description": "**Deprecated: This policy is no longer being updated. Please see [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_account_https_enabled) for more details.** Checks for Azure Storage Accounts with HTTPs not enforced.\n See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_account_https_enabled) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.", "category": "Security", "severity": "low", "readme": "security/azure/storage_account_https_enabled/README.md", @@ -2648,7 +2597,24 @@ "service": "Storage Accounts", "policy_set": "Storage Security", "recommendation_type": null, - "updated_at": "2024-03-21T20:02:46Z", + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": true + }, + { + "name": "Azure Storage Accounts Without Secure TLS", + "file_name": "security/azure/storage_tls_version/storage_tls_version.pt", + "version": "3.0.0", + "change_log": "security/azure/storage_tls_version/CHANGELOG.md", + "description": "Reports any Azure Storage Accounts that are not configured to require, at minimum, TLS 1.2. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_tls_version) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", + "category": "Security", + "severity": "high", + "readme": "security/azure/storage_tls_version/README.md", + "provider": "Azure", + "service": "Storage", + "policy_set": "CIS", + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", "generally_recommended": false, "deprecated": false }, @@ -2669,6 +2635,23 @@ "generally_recommended": false, "deprecated": false }, + { + "name": "Azure Storage Accounts Without Trusted Microsoft Services Access", + "file_name": "security/azure/storage_trusted_services/storage_trusted_services.pt", + "version": "3.0.0", + "change_log": "security/azure/storage_trusted_services/CHANGELOG.md", + "description": "Reports any Azure Storage Accounts without access enabled for Trusted Microsoft Services. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_trusted_services/) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", + "category": "Security", + "severity": "high", + "readme": "security/azure/storage_trusted_services/README.md", + "provider": "Azure", + "service": "Storage", + "policy_set": "CIS", + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Azure Storage Accounts without Lifecycle Management Policies", "file_name": "cost/azure/storage_account_lifecycle_management/storage_account_lifecycle_management.pt", @@ -2805,6 +2788,23 @@ "generally_recommended": false, "deprecated": true }, + { + "name": "Azure Table Storage Accounts Without Logging Enabled", + "file_name": "security/azure/table_storage_logging/table_storage_logging.pt", + "version": "3.0.0", + "change_log": "security/azure/table_storage_logging/CHANGELOG.md", + "description": "Reports any Azure Table Storage Accounts that are not configured to log read, write, and delete requests. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/table_storage_logging) and [docs.rightscale.com/policies](https://docs.rightscale.com/policies/) to learn more.", + "category": "Security", + "severity": "high", + "readme": "security/azure/table_storage_logging/README.md", + "provider": "Azure", + "service": "Storage", + "policy_set": "CIS", + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Azure Tag Cardinality Report", "file_name": "operational/azure/tag_cardinality/azure_tag_cardinality.pt", @@ -3009,23 +3009,6 @@ "generally_recommended": false, "deprecated": false }, - { - "name": "Azure Web App Minimum TLS Version", - "file_name": "security/azure/webapp_tls_version_support/azure_webapp_min_tls_version.pt", - "version": "2.7", - "change_log": "security/azure/webapp_tls_version_support/CHANGELOG.md", - "description": "Checks for Azure Web Apps with a minimum TLS version less that the value specified.\n See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/webapp_tls_version_support) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.", - "category": "Security", - "severity": "low", - "readme": "security/azure/webapp_tls_version_support/README.md", - "provider": "Azure", - "service": "App Service", - "policy_set": "", - "recommendation_type": null, - "updated_at": "2024-02-08T15:32:22Z", - "generally_recommended": false, - "deprecated": false - }, { "name": "Azure Web Apps With Unoptimized Scaling", "file_name": "cost/azure/unoptimized_web_app_scaling/azure_unoptimized_web_app_scaling.pt", @@ -3043,6 +3026,23 @@ "generally_recommended": false, "deprecated": false }, + { + "name": "Azure Web Apps Without Secure TLS", + "file_name": "security/azure/webapp_tls_version_support/azure_webapp_min_tls_version.pt", + "version": "3.0.0", + "change_log": "security/azure/webapp_tls_version_support/CHANGELOG.md", + "description": "Reports any Azure Web Apps that do not require a secure version of TLS. See the [README](https://github.com/flexera-public/policy_templates/tree/master/security/azure/webapp_tls_version_support) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more.", + "category": "Security", + "severity": "low", + "readme": "security/azure/webapp_tls_version_support/README.md", + "provider": "Azure", + "service": "App Service", + "policy_set": "", + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Billing Center Access Report", "file_name": "compliance/flexera/cco/billing_center_access_report/bc_access_report.pt", @@ -4760,6 +4760,23 @@ "generally_recommended": false, "deprecated": false }, + { + "name": "Meta Parent: Azure Blob Storage Accounts Without Soft Delete Enabled", + "file_name": "security/azure/storage_soft_delete/storage_soft_delete_meta_parent.pt", + "version": "3.0.0", + "change_log": "security/azure/storage_soft_delete/CHANGELOG.md", + "description": "**NOTE: Meta policies are an alpha feature. Please consult the [README](https://github.com/flexera-public/policy_templates/blob/master/README_META_POLICIES.md) before use.** Applies and manages \"child\" [Azure Blob Storage Accounts Without Soft Delete Enabled](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_soft_delete) Policies.", + "category": "Meta", + "severity": "low", + "readme": "security/azure/storage_soft_delete/README.md", + "provider": "Azure", + "service": null, + "policy_set": null, + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Meta Parent: Azure Blob Storage Optimization", "file_name": "cost/azure/blob_storage_optimization/azure_blob_storage_optimization_meta_parent.pt", @@ -5542,6 +5559,40 @@ "generally_recommended": false, "deprecated": false }, + { + "name": "Meta Parent: Azure Storage Accounts Allowing Default Network Access", + "file_name": "security/azure/storage_network_deny/storage_network_deny_meta_parent.pt", + "version": "3.0.0", + "change_log": "security/azure/storage_network_deny/CHANGELOG.md", + "description": "**NOTE: Meta policies are an alpha feature. Please consult the [README](https://github.com/flexera-public/policy_templates/blob/master/README_META_POLICIES.md) before use.** Applies and manages \"child\" [Azure Storage Accounts Allowing Default Network Access](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_network_deny) Policies.", + "category": "Meta", + "severity": "low", + "readme": "security/azure/storage_network_deny/README.md", + "provider": "Azure", + "service": null, + "policy_set": null, + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, + { + "name": "Meta Parent: Azure Storage Accounts Without Secure TLS", + "file_name": "security/azure/storage_tls_version/storage_tls_version_meta_parent.pt", + "version": "3.0.0", + "change_log": "security/azure/storage_tls_version/CHANGELOG.md", + "description": "**NOTE: Meta policies are an alpha feature. Please consult the [README](https://github.com/flexera-public/policy_templates/blob/master/README_META_POLICIES.md) before use.** Applies and manages \"child\" [Azure Storage Accounts Without Secure TLS](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_tls_version) Policies.", + "category": "Meta", + "severity": "low", + "readme": "security/azure/storage_tls_version/README.md", + "provider": "Azure", + "service": null, + "policy_set": null, + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Meta Parent: Azure Storage Accounts Without Secure Transfer", "file_name": "security/azure/secure_transfer_required/secure_transfer_required_meta_parent.pt", @@ -5559,6 +5610,23 @@ "generally_recommended": false, "deprecated": false }, + { + "name": "Meta Parent: Azure Storage Accounts Without Trusted Microsoft Services Access", + "file_name": "security/azure/storage_trusted_services/storage_trusted_services_meta_parent.pt", + "version": "3.0.0", + "change_log": "security/azure/storage_trusted_services/CHANGELOG.md", + "description": "**NOTE: Meta policies are an alpha feature. Please consult the [README](https://github.com/flexera-public/policy_templates/blob/master/README_META_POLICIES.md) before use.** Applies and manages \"child\" [Azure Storage Accounts Without Trusted Microsoft Services Access](https://github.com/flexera-public/policy_templates/tree/master/security/azure/storage_trusted_services) Policies.", + "category": "Meta", + "severity": "low", + "readme": "security/azure/storage_trusted_services/README.md", + "provider": "Azure", + "service": null, + "policy_set": null, + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Meta Parent: Azure Storage Accounts without Lifecycle Management Policies", "file_name": "cost/azure/storage_account_lifecycle_management/storage_account_lifecycle_management_meta_parent.pt", @@ -5627,6 +5695,23 @@ "generally_recommended": false, "deprecated": false }, + { + "name": "Meta Parent: Azure Table Storage Accounts Without Logging Enabled", + "file_name": "security/azure/table_storage_logging/table_storage_logging_meta_parent.pt", + "version": "3.0.0", + "change_log": "security/azure/table_storage_logging/CHANGELOG.md", + "description": "**NOTE: Meta policies are an alpha feature. Please consult the [README](https://github.com/flexera-public/policy_templates/blob/master/README_META_POLICIES.md) before use.** Applies and manages \"child\" [Azure Table Storage Accounts Without Logging Enabled](https://github.com/flexera-public/policy_templates/tree/master/security/azure/table_storage_logging) Policies.", + "category": "Meta", + "severity": "low", + "readme": "security/azure/table_storage_logging/README.md", + "provider": "Azure", + "service": null, + "policy_set": null, + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Meta Parent: Azure Tag Cardinality Report", "file_name": "operational/azure/tag_cardinality/azure_tag_cardinality_meta_parent.pt", @@ -5780,6 +5865,23 @@ "generally_recommended": false, "deprecated": false }, + { + "name": "Meta Parent: Azure Web Apps Without Secure TLS", + "file_name": "security/azure/webapp_tls_version_support/azure_webapp_min_tls_version_meta_parent.pt", + "version": "3.0.0", + "change_log": "security/azure/webapp_tls_version_support/CHANGELOG.md", + "description": "**NOTE: Meta policies are an alpha feature. Please consult the [README](https://github.com/flexera-public/policy_templates/blob/master/README_META_POLICIES.md) before use.** Applies and manages \"child\" [Azure Web Apps Without Secure TLS](https://github.com/flexera-public/policy_templates/tree/master/security/azure/webapp_tls_version_support) Policies.", + "category": "Meta", + "severity": "low", + "readme": "security/azure/webapp_tls_version_support/README.md", + "provider": "Azure", + "service": null, + "policy_set": null, + "recommendation_type": null, + "updated_at": "2024-08-09T15:01:45Z", + "generally_recommended": false, + "deprecated": false + }, { "name": "Meta Parent: Google Committed Use Discount Recommender", "file_name": "cost/google/cud_recommendations/google_committed_use_discount_recommendations_meta_parent.pt",