ssc-spc-ccoe-cei / azure-guardrails-solution-accelerator

This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results.

[New Control] GR9 | Validation 3 | Tools In Use For Limiting Access To Authorized Source IP Addresses (M) #265

Closed singhgss closed 1 week ago

singhgss commented 1 week ago

Overview/Summary

This Pull Request introduces a new control to check for tools that limit access to authorized source IP addresses, focusing on firewalls and application gateways.

This PR fixes/adds/changes/removes

closes #218

  1. Added a check for the existence of a firewall (Fortigate or Azure Native Firewall) or application gateway per subscription.
  2. Ensured compliance validation based on the presence of a Web Application Firewall (WAF) configuration on the application gateway.
  3. Enhanced reporting to include detailed comments on firewall type or application gateway status per subscription.

Breaking Changes

None anticipated.

Testing Evidence

Please provide any testing evidence to show that this Pull Request works/fixes as described (include screenshots, if appropriate).

image

As part of this Pull Request I have

Compliance Status Example (for documentation)

| Subscription | Comments | Compliance Status |
|---|---|---|
| CTO-CPMS | There is an Azure firewall associated with this subscription. | Compliant |
| GGG-154 | There is an application gateway with the appropriate configurations. | Compliant |
| 6hy-tra | There is a Fortigate Firewall associated with this subscription. | Compliant |
| XYZ-123 | This subscription does not have either a firewall or an application gateway. | Non-Compliant |
| ABC-789 | The application gateway assigned does not have a Web Application Firewall configured. | Non-Compliant |

Comments for Compliance Check:
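The per-subscription decision logic the PR describes (firewall present, else application gateway with WAF, else non-compliant), as an added example in Python rather than the accelerator's own PowerShell; the resource inventory is constructed, and the evaluation order (firewalls checked before application gateways) and the `waf_enabled` flag are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class AppGateway:
    name: str
    waf_enabled: bool  # assumption: True when a WAF configuration/policy is attached


@dataclass
class Subscription:
    name: str
    azure_firewalls: list = field(default_factory=list)  # Azure native firewall names
    fortigate_vms: list = field(default_factory=list)    # Fortigate appliance names
    app_gateways: list = field(default_factory=list)     # AppGateway objects


def evaluate(sub):
    """Return (compliance_status, comment) for one subscription, mirroring the
    comments in the PR's example table. Firewalls are checked before gateways
    (assumed precedence); a gateway only counts when at least one has WAF."""
    if sub.azure_firewalls:
        return "Compliant", "There is an Azure firewall associated with this subscription."
    if sub.fortigate_vms:
        return "Compliant", "There is a Fortigate Firewall associated with this subscription."
    if sub.app_gateways:
        if any(gw.waf_enabled for gw in sub.app_gateways):
            return "Compliant", "There is an application gateway with the appropriate configurations."
        return ("Non-Compliant",
                "The application gateway assigned does not have a Web Application Firewall configured.")
    return ("Non-Compliant",
            "This subscription does not have either a firewall or an application gateway.")


def report(subs):
    """Evaluate every subscription; returns rows of (name, status, comment)."""
    return [(s.name, *evaluate(s)) for s in subs]


# Constructed inventory reproducing the five rows of the PR's example table.
INVENTORY = [
    Subscription("CTO-CPMS", azure_firewalls=["hub-azfw"]),
    Subscription("GGG-154", app_gateways=[AppGateway("agw-waf", waf_enabled=True)]),
    Subscription("6hy-tra", fortigate_vms=["fgt-vm-01"]),
    Subscription("XYZ-123"),
    Subscription("ABC-789", app_gateways=[AppGateway("agw-plain", waf_enabled=False)]),
]

if __name__ == "__main__":
    for name, status, comment in report(INVENTORY):
        print(f"{name:10} {status:14} {comment}")
```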