ssc-spc-ccoe-cei / azure-guardrails-solution-accelerator

This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results.

GR6 | PBMM Policy Check | Comments and Subscription Logic #154

Closed MathesonSho closed 1 month ago

MathesonSho commented 2 months ago

Request: Focus on the logic for subscriptions and remove the roll-ups for management groups.

Detailed Test cases for “Transparent Data Encryption on SQL databases should be enabled”

  1. No resources but everything applied

Current Result = Non-compliant

Wanted Result = Compliant

Comments: PBMM initiative has been applied. Required Policy Definitions are not exempt. 0 Resources.

  2. No resources but 1 policy exempt on 1 subscription.

Current Result = Non-compliant

Wanted Result = Non-compliant

Comments: PBMM initiative has been applied. Exemption for policy definition name OR ID.

  3. Create SQL Server without exemption.

No issues. Use case is as intended.

  4. SQL Server with an exemption.

Current Result = Non-compliant

Wanted Result = Non-compliant

Comments: PBMM initiative has been applied. Exemption for policy definition name OR ID.

dutt0 commented 1 month ago

The test cases here are centered around policy. Unless we are updating the compliance reporting structure, can we deduce the compliance results around each subscription, similar to the results in the CaC GR6 output? I shared an Excel file with some test cases @MathesonSho