NIST checklist

Yanping Sun 100 Reputation points
2024-03-06T15:22:26.87+00:00

Hi, we are trying to comply with the NIST standard. Microsoft Defender for Cloud offers a NIST checklist. While I am working through the list, I am quite confused.

  • One of the failed items is 'Azure Defender for servers should be enabled', which is in regard to my subscription. When I checked my subscription, the overview page showed 'Azure Defender coverage 100% covered'. Any ideas?
  • Also, after I make changes in order to be compliant, is there a way to manually refresh the policy checklist results? Thanks
Microsoft Defender for Cloud

Accepted answer
  1. Marcin Policht 18,005 Reputation points MVP
    2024-03-06T16:49:50.06+00:00

    To trigger evaluation of Azure Policy (which is how this checklist is implemented), refer to https://learn.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data

    Regarding the results, this appears to apply to Defender for Servers - refer to https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan


    hth

    Marcin

    1 person found this answer helpful.
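
An added example, not part of the answer above: one way to run the on-demand policy scan from the Azure CLI and then re-check the two items from the question. It assumes `az` is installed and logged in to the subscription; the function names and the `rg-demo` resource group are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). Requires a logged-in Azure CLI.

# Start an on-demand Azure Policy compliance scan. With no argument the scan
# covers the current subscription; with a resource group name it is limited
# to that group. The command blocks until the scan completes.
rescan() {
  if [ -n "${1:-}" ]; then
    az policy state trigger-scan --resource-group "$1"
  else
    az policy state trigger-scan
  fi
}

# Show the Defender for Servers pricing tier on the subscription.
# "Standard" means the plan is on, "Free" means it is off.
servers_plan() {
  az security pricing show --name VirtualMachines \
    --query pricingTier --output tsv
}

# List what is still non-compliant after the scan: the assignment, the
# definition's reference id inside the initiative, and the affected resource.
noncompliant() {
  az policy state list \
    --filter "complianceState eq 'NonCompliant'" \
    --query "[].[policyAssignmentName, policyDefinitionReferenceId, resourceId]" \
    --output tsv
}

# Full re-check in the order the question asks about:
# rescan first, then read back the plan tier and the remaining findings.
recheck() {
  rescan "${1:-}" || return 1
  echo "Defender for Servers tier: $(servers_plan)"
  noncompliant
}

# Usage (hypothetical resource group name):
#   recheck            # whole subscription
#   recheck rg-demo    # one resource group
```

A subscription-wide scan can take a while on large estates, so scoping `recheck` to the resource group that was just changed gives faster feedback.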

3 additional answers

  1. Yanping Sun 100 Reputation points
    2024-03-12T20:07:35.7+00:00

    I have an error "Storage accounts should use private link" in the checklist, but I have disabled all public network access in my storage account (I don't really use this storage account, it was created automatically by my web app service for monitoring purpose?).
    Does it mean I HAVE to create a private endpoint connection for this storage to be compliant?


  2. Yanping Sun 100 Reputation points
    2024-03-12T22:46:47.58+00:00

    Another error I couldn't figure out the solution for: App Service apps should have resource logs enabled

    I enabled the application log in my web app.


  3. Marcin Policht 18,005 Reputation points MVP
    2024-03-14T22:40:57.0666667+00:00

    Follow the instructions if you want to fully comply with the standard.


    hth

    Marcin
