module/ConfigurationProvider/ControlConfigurations/Services/DataLakeStore.json

{
  "FeatureName": "DataLakeStore",
  "Reference": "aka.ms/azsktcp/datalakestore",
  "IsMaintenanceMode": false,
  "Controls": [
    {
      "ControlID": "Azure_DataLakeStore_DP_Encrypt_At_Rest",
      "Description": "Sensitive data must be encrypted at rest",
      "Id": "DataLakeStore180",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "MethodName": "CheckEncryptionAtRest",
      "DisplayName": "Data Lake Store sensitive data must be encrypted at rest",
      "Category": "Encrypt data at rest",
      "ControlRequirements": "Data must be encrypted in transit and at rest",
      "Rationale": "Using this feature ensures that sensitive data is stored encrypted at rest. This minimizes the risk of data disclosure if the underlying storage media is physically stolen and also helps meet regulatory compliance requirements.",
      "Recommendation": "Ensure that encryption is not disabled when creating a new Data Lake Store. Refer: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-security-overview#data-protection. Encryption cannot be enabled after the fact for Data Lake Store.",
      "Tags": [
        "SDL",
        "TCP",
        "Automated",
        "DP",
        "DataLakeStore",
        "Baseline",
        "Weekly",
        "ExcludedControl",
        "CSEOPilotP1",
        "CSEOPilotSub"
      ],
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "EncryptionState"
        ]
      },
      "Enabled": true,
      "CustomTags": [
        "CSEOBaseline",
        "CSEOPilot"
      ]
    },
    {
      "ControlID": "Azure_DataLakeStore_Audit_Enable_Diagnostic_Settings",
      "Description": "Diagnostics logs must be enabled for Azure Data Lake Store",
      "Id": "DataLakeStore200",
      "ControlSeverity": "Medium",
      "Automated": "Yes",
      "MethodName": "CheckDiagnosticsSettings",
      "DisplayName": "Diagnostics logs must be enabled for Azure Data Lake Store",
      "Category": "Monitoring must be correctly configured",
      "ControlRequirements": "Monitoring and auditing must be enabled and correctly configured according to prescribed organizational guidance",
      "Rationale": "Logs should be retained for a long enough period that the activity trail can be reconstructed when an incident or compromise is investigated. A retention period of 1 year is typical for several compliance requirements as well.",
      "Recommendation": "You can change the diagnostic settings from the Azure Portal by following the steps given here: https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings. This control expects the Audit and Requests log categories to be enabled with a retention period of at least 365 days (a retention value of 0 means logs are retained forever).",
      "Tags": [
        "SDL",
        "TCP",
        "Automated",
        "Audit",
        "Diagnostics",
        "DataLakeStore",
        "Baseline"
      ],
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "DiagnosticSettings"
        ]
      },
      "Enabled": true,
      "ControlSettings": {
        "DiagnosticForeverRetentionValue": "0",
        "DiagnosticMinRetentionPeriod": "365",
        "DiagnosticLogs": [
          "Audit",
          "Requests"
        ]
      },
      "CustomTags": [
        "Weekly"
      ]
    },
    {
      "ControlID": "Azure_DataLakeStore_Audit_Enable_Diagnostics_Logs_MCSB",
      "Description": "[MCSB] Resource logs in Azure Data Lake Store should be enabled",
      "Id": "DataLakeStore210",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "DisplayName": "[MCSB] Resource logs in Azure Data Lake Store should be enabled",
      "Category": "Monitoring must be correctly configured",
      "ControlRequirements": "Monitoring and auditing must be enabled and correctly configured according to prescribed organizational guidance",
      "ControlScanSource": "MDC",
      "Rationale": "Logs should be retained for a long enough period that the activity trail can be reconstructed when an incident or compromise is investigated. A retention period of 1 year is typical for several compliance requirements as well.",
      "Recommendation": "You can change the diagnostic settings from the Azure Portal by following the steps given here: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal#create-diagnostic-settings.",
      "Tags": [
        "Automated",
        "Audit",
        "DataLakeStore",
        "Baseline"
      ],
      "AssessmentProperties": {
        "AssessmentNames": [
          "ad5bbaeb-7632-5edf-f1c2-752075831ce8"
        ],
        "AssessmentStatusMappings": [
          {
            "AssessmentStatusCode": "NotApplicable",
            "EffectiveVerificationResult": "Failed",
            "AssessmentStatusCausePatterns": "(.)*OffByPolicy|Exempt(.)*",
            "AppendMessageToStatusReason": "Disabling the policy or exempting the resource from evaluation is not recommended; the control will be marked as Failed."
          }
        ]
      },
      "Enabled": false,
      "CustomTags": [
        "Daily",
        "MCSB"
      ]
    }
  ]
}