CIS Microsoft Azure Foundations Benchmark

CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.

The CIS Controls® and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals.

The CIS Microsoft Azure Foundations Security Benchmark provides prescriptive guidance for establishing a secure baseline configuration for Microsoft Azure. Its scope is designed to assist organizations in establishing the foundation level of security for anyone adopting the Microsoft Azure cloud. 

The following configuration profiles are defined by this Benchmark:

  • Level 1 Items in this profile intend to:
    • be practical and prudent;
    • provide a clear security benefit; and
    • not inhibit the utility of the technology beyond acceptable means.
  • Level 2 This profile extends the “Level 1” profile. Items in this profile exhibit one or more of the following characteristics:
    • are intended for environments or use cases where security is paramount
    • acts as defense in depth measure
    • may negatively inhibit the utility or performance of the technology.

Our Managed Azure Compliance Services are focused mostly at Level 1.

For a list of all the CIS security controls, please see the official site.