Overview of the Azure security controls (v1)
The most up-to-date Azure Security Benchmark is available here.
The Azure Security Benchmark contains recommendations that help you improve the security of your applications and data on Azure.
This benchmark focuses on cloud-centric control areas. These controls are consistent with well-known security benchmarks, such as those described by the Center for Internet Security (CIS) Controls Version 7.1.
The following controls are used in the Azure Security Benchmark:
- Network security
- Logging and monitoring
- Identity and access control
- Data protection
- Vulnerability management
- Inventory and asset management
- Secure configuration
- Malware defense
- Data recovery
- Incident response
- Penetration tests and red team exercises
You can also download the Azure Security Benchmark v1 excel spreadsheet.
Azure Security Benchmark Recommendations
Each recommendation includes the following information:
- Azure ID: The Azure Security Benchmark ID that corresponds to the recommendation.
- CIS ID(s): The CIS Benchmark recommendation(s) that correspond to this recommendation.
- Responsibility: Whether the customer or the service-provider (or both) is (are) responsible for implementing this recommendation. Security responsibilities are shared in the public cloud. Some security controls are only available to the cloud service provider and therefore the provider is responsible for addressing those. These are general observations – for some individual services, the responsibility will be different than what is listed in the Azure Security Benchmark. Those differences are described in the baseline recommendations for the individual service.
- Details: The rationale for the recommendation and links to guidance on how to implement it. If the recommendation is supported by Azure Security Center, that information will also be listed.
We welcome your detailed feedback and active participation in the Azure Security Benchmark effort. if you would like to provide the Azure Security Benchmark team direct input, please fill out the form at https://aka.ms/AzSecBenchmark.