module/ConfigurationProvider/ControlConfigurations/Services/RecoveryServicesVault.json

{
  "FeatureName": "RecoveryServicesVault",
  "Reference": "",
  "IsMaintenanceMode": false,
  "Controls": [
    {
      "ControlID": "Azure_RecoveryServicesVault_DP_Enable_Soft_Delete",
      "Description": "Always-on soft delete must be enabled on Recovery Services Vault",
      "Id": "RecoveryServicesVault100",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "ControlScanSource": "Reader",
      "MethodName": "CheckRecoveryServicesVaultSoftDelete",
      "DisplayName": "Always-on soft delete must be enabled on Recovery Services Vault",
      "Category": "Data persistence should be ensured",
      "ControlRequirements": "Data should be protected against inadvertent or malicious deletion",
      "Rationale": "Enabling always-on soft delete on a Recovery Services Vault acts as a safety measure to recover inadvertently or maliciously deleted backup data: deleted backup items are retained for a retention period instead of being purged immediately. Unlike standard soft delete, the always-on state cannot be turned off once set, so an attacker or compromised administrator cannot disable the protection before deleting backups.",
      "Recommendation": "To enable always-on soft delete using the Azure Portal, please refer: https://learn.microsoft.com/en-us/azure/backup/backup-azure-enhanced-soft-delete-configure-manage?tabs=recovery-services-vault. For PowerShell, use the Az.RecoveryServices module for Recovery Services vaults; note that https://learn.microsoft.com/en-us/powershell/module/az.dataprotection/update-azdataprotectionbackupvault?view=azps-10.0.0#syntax documents Update-AzDataProtectionBackupVault (Az.DataProtection), which appears to target Backup vaults rather than Recovery Services vaults, so verify the cmdlet applies to your vault type before relying on it.",
      "Enabled": true,
      "ControlSettings": {
        "SoftDeleteState": "ALWAYSON"
      },
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "VaultSettings"
        ]
      },
      "Tags": [
        "DP",
        "Baseline",
        "RecoveryServicesVault"
      ],
      "CustomTags": [
        "Weekly"
      ]
    },
    {
      "ControlID": "Azure_RecoveryServicesVault_DP_Enable_Immutability",
      "Description": "Immutability must be enabled and locked on Recovery Services Vault",
      "Id": "RecoveryServicesVault110",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "ControlScanSource": "Reader",
      "MethodName": "CheckRecoveryServicesVaultImmutability",
      "DisplayName": "Immutability must be enabled and locked on Recovery Services Vault",
      "Category": "Data persistence should be ensured",
      "ControlRequirements": "Data should be protected against inadvertent or malicious deletion",
      "Rationale": "An immutable vault helps protect your backup data by blocking any operation that could lead to loss of recovery points. While immutability is merely enabled (unlocked), a sufficiently privileged identity can still disable it and then delete backups, so the setting must also be locked to make it irreversible and prevent malicious actors from disabling immutability. Because locking is irreversible, confirm retention and policy requirements before applying the lock.",
      "Recommendation": "To enable and lock immutability using the Azure Portal, please refer: https://learn.microsoft.com/en-us/azure/backup/backup-azure-immutable-vault-how-to-manage?tabs=recovery-services-vault. To do so using PowerShell, please refer: https://learn.microsoft.com/en-us/powershell/module/az.recoveryservices/update-azrecoveryservicesvault?view=azps-12.2.0.",
      "Enabled": true,
      "ControlSettings": {
        "ImmutabilityState": "Locked"
      },
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "VaultSettings"
        ]
      },
      "Tags": [
        "DP",
        "Baseline",
        "RecoveryServicesVault"
      ],
      "CustomTags": [
        "Daily",
        "TenantBaseline",
        "TBv14",
        "SN:Recoveryservicesvault_EnableImmutability"
      ]
    }
  ]
}