Documentation - V-276246

V-276246

Microsoft Azure SQL Managed Instance Security Technical Implementation Guide

CAT II

Title

The Azure SQL Managed Instance must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL) and vulnerability assessments.

Description

<VulnDiscussion>To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols/services on information systems. Applications are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizationa...

Fix Text (Documentation Requirement)

Assign the approved policy to Azure SQL Managed Instance: 1. From the Azure Portal, click the Azure SQL Managed Instance. 2. Click "Networking" under Security. 3. Review the public endpoint option. 4. Check the box to "Disable" public endpoint. 5. Click "Save". Review the Azure SQL Managed Instance's NSG configuration for inbound and outbound rules to restrict access to specific ports and resources. For more information about connection policies, refer to: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql&tabs=current

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel