This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results.
Description: The following are some new controls for the CaC Solution's Guardrail 7. The goal is to determine if TLS 1.2+ or HTTPS encryption is being used for all cloud services, including publicly accessible sites and external communications. The checks will look at Other Cloud Apps.
ItemName: App Service HTTPS Configuration (M)
This check uses built-in Azure Policies and their evaluation to determine compliance. The following check is inside the Canada Federal PBMM:
App Service apps should only be accessible over HTTPS
If the PBMM initiative has been applied to the subscription, and the following policy has not been excluded, and the policy compliance results show all compliant resources, then the check is compliant. If there are no applicable resources in the environment, default to pass.
ItemName: Function App HTTPS Configuration (M)
This check uses built-in Azure Policies and their evaluation to determine compliance. The following check is inside the Canada Federal PBMM:
Function apps should only be accessible over HTTPS
If the PBMM initiative has been applied to the subscription, and the following policy has not been excluded, and the policy compliance results show all compliant resources, then the check is compliant. If there are no applicable resources in the environment, default to pass.
Additional context
Breaking down the original GR7 V1 (M) ticket into two tickets.
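The decision rule that both checks share, written out as an added example (it is not code from the CaC solution). The record shape, the function name and the sample resource IDs are assumptions, and treating an unapplied initiative or an excluded policy as non-compliant is this example's reading of the rule.

```python
from dataclasses import dataclass

# Policy display names exactly as given in the ticket.
APP_SERVICE_POLICY = "App Service apps should only be accessible over HTTPS"
FUNCTION_APP_POLICY = "Function apps should only be accessible over HTTPS"


@dataclass
class PolicyState:
    """Hypothetical record: one row per resource the policy evaluated."""
    policy_name: str
    resource_id: str
    compliance_state: str  # e.g. "Compliant" or "NonCompliant"


def evaluate_check(policy_name, initiative_applied, excluded_policies, states):
    """Return (is_compliant, comment) for one ItemName of Guardrail 7."""
    # Without the PBMM initiative there are no results to rely on (assumed: fail).
    if not initiative_applied:
        return False, "PBMM initiative is not applied to the subscription"
    # An excluded policy produces no findings, so it cannot count as a pass
    # (assumed: fail rather than default pass).
    if policy_name in excluded_policies:
        return False, "Policy has been excluded: " + policy_name
    rows = [s for s in states if s.policy_name == policy_name]
    # Default pass applies only when the policy ran and found nothing to evaluate.
    if not rows:
        return True, "No applicable resources; default pass"
    # Any state other than "Compliant" fails the check, unknown states included.
    failing = sorted(s.resource_id for s in rows if s.compliance_state != "Compliant")
    if failing:
        return False, "Non-compliant resources: " + ", ".join(failing)
    return True, "All %d applicable resources are compliant" % len(rows)


# Constructed sample data: two App Service apps, no Function apps.
SAMPLE_STATES = [
    PolicyState(APP_SERVICE_POLICY, "/subscriptions/EXAMPLE/sites/web-a", "Compliant"),
    PolicyState(APP_SERVICE_POLICY, "/subscriptions/EXAMPLE/sites/web-b", "NonCompliant"),
]

if __name__ == "__main__":
    for name in (APP_SERVICE_POLICY, FUNCTION_APP_POLICY):
        print(name, "->", evaluate_check(name, True, set(), SAMPLE_STATES))
```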
TLS/ HTTPS Policy Checks