U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CIS Microsoft Azure Compute Services Benchmark 1.0.0 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Microsoft Azure cpe:/o:microsoft:azure:- (View CVEs)

Checklist Highlights

Checklist Name:
CIS Microsoft Azure Compute Services Benchmark
Checklist ID:
1136
Version:
1.0.0
Type:
Compliance
Review Status:
Final
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
09/15/2023

Checklist Summary:

This benchmark - CIS Microsoft Azure Compute Services Benchmark - will provide secure configuration recommendations for Azure products that Microsoft has categorized as “Compute” services. The specific Microsoft Azure services in scope of this Benchmark include: App Service Azure Container Instances Azure CycleCloud Azure Dedicated Host Azure Functions Azure Kubernetes Service (AKS) Azure Quantum Azure Service Fabric Azure Spot Virtual Machines Azure Spring Apps Azure Virtual Desktop Azure VM Image Builder Azure VMware Solution Batch Cloud Services Linux Virtual Machines SQL Server on Azure Virtual Machines Static Web Apps Virtual Machine Scale Sets Virtual Machines For more information on Microsoft Azure product categories and services, please refer to the Microsoft Azure Product Directory here: https://azure.microsoft.com/en-us/products/.

Checklist Role:

  • Virtualization Server
  • Web Application Server

Known Issues:

Not provided.

Target Audience:

This document is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Microsoft Azure.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

https://www.cisecurity.org/cis-securesuite/cis-securesuite-membership-terms-of-use/

Product Support:

Not provided.

Point of Contact:

benchmarkinfo@cisecurity.org

Sponsor:

Not provided.

Licensing:

https://www.cisecurity.org/cis-securesuite/cis-securesuite-membership-terms-of-use/

Change History:

new checklist - 2/28/24
update links and support information
Candidate to Final - 4/30/24

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 04/30/2024