Share via

Azure Security Assessment

Raju Golla 41 Reputation points
2020-09-29T10:26:25.71+00:00

Hi there,

It is required to assess the Security (CSPM) for all our Azure PaaS & SaaS services across a number of Management Groups. Not just the security score. An in-depth Security Assessment to be carried out across:-

  1. Identity and Access Management
  2. Platform Security
  3. Security Operations
  4. Application & Data Security
  5. Subscriptions Security

Would it help to go through Microsoft suggested Azure Security Benchmark, then deploy Azure policies and resolve the services that are not complaint? by checking the security center and secure score?

Please suggest the best approach, tools, and useful resources.

Thanks

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
911 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,402 questions
0 comments
Accepted answer
  1. JamesTran-MSFT 36,631 Reputation points Microsoft Employee
    2020-10-12T19:57:38.61+00:00

    @Raju Golla
    Thank you for your time and patience throughout this issue. I got a response from our engineering team and will post it below.

    PG response:
    There is no direct mapping between ASB and CSA CCM, however our ASB v2 is now mapped to NIST 800-53 r4 which can be plugged into other standards like CCM.
    31756-image.png
    Reference: https://learn.microsoft.com/en-us/azure/security/benchmarks/overview

    Example of an ASB control NS-1 mapping to NIST 800-53:
    31707-image.png
    Reference: https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic

    The Cloud Security Alliance has some published addendums that outline these mappings to NIST 800-53 r4, so we can get a resulting linked mapping to the ASB where the controls are applicable.

    1. Download the CCM mapping to NIST 800-53 r4
      a. https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v3-0-1/
    2. Download the ASB v2 mapping to NIST 800-53 r4
      a. https://learn.microsoft.com/en-us/azure/security/benchmarks/overview#download
    3. Join or perform evaluation of resulting mapping
      31821-image.png

    If you have any other questions, please let me know.
    Thank you again for your time and patience throughout this issue.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,631 Reputation points Microsoft Employee
    2020-09-29T21:23:19.383+00:00

    @Raju Golla
    Thank you for the post!

    It'd definitely be beneficial to go through the Azure Security Benchmark documentation so you can gain a better understanding of the common use cases, such as improving your security posture of existing Azure deployments, or implementing best practices and recommendations to help improve the security of workloads, data, and services on Azure.

    Another useful resource would be the Azure Security Center documentation, which will help you understand key capabilities, and specifically help you understand your secure score so you can quickly remediate your Azure resources.

    If you have any other questions, please let me know.
    Thank you again for your time and patience throughout this issue.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.