Documentation - V-276245

V-276245

Microsoft Azure SQL Managed Instance Security Technical Implementation Guide

CAT II

Title

The Azure SQL Managed Instance audit storage account must be configured to prohibit public access.

Description

<VulnDiscussion>To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols/services on information systems. Applications are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizationa...

Fix Text (Documentation Requirement)

Assign the approved policy to the audit storage account: 1. From the Azure Portal, click the audit storage account. 2. Click "Networking" under security. 3. Review the public network access option. 4. Check the box to "Disable" public network access. 5. Click "Save". Review the audit storage account's NSG configuration for inbound and outbound rules to restrict access to specific ports and resources. For more information about connection policies, refer to: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql&tabs=current

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel