NIST Log Analytics Compliance

[shawngib]

Benefit/Result/Outcome
Review non-compliant policies of the default built in NIST 800-53 initiative and decide:

does the policy require work in Terraform to make compliant or do we simply need to document additional work needed by customer to make compliant

Description

Log Analytics Workspace

Policy	Description
Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption	Link storage account to Log Analytics workspace to protect saved-queries with storage account encryption. Customer-managed keys are commonly required to meet regulatory compliance and for more control over the access to your saved-queries in Azure Monitor. For more details on the above

References:

• https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-storage#link-storage-accounts-to-your-log-analytics-workspace
• https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/components/linkedstorageaccounts?pivots=deployment-language-bicep

Acceptance Criteria

• Issues created to to either add documentation or compliance related feature change

[shawngib]

@brooke-hamilton Turns out this is a larger discussion around the correct 'central logging model' needed and used. Some considerations:

• Policy for all diagnostic settings for logs on all resources to LA
• Terraform doesn't appear to be able to set storage linking for queries
• Private link and network restriction settings on workspace