module/ConfigurationProvider/ControlConfigurations/Services/RedisEnterprise.json

{
  "FeatureName": "RedisEnterprise",
  "Reference": "",
  "IsMaintenanceMode":false,
  "Controls" : [
    {
      "ControlID": "Azure_RedisEnterprise_Audit_Enable_Diagnostic_Settings",
      "Description": "Enable security logging in Redis Enterprise",
      "Id": "RedisEnterprise100",
      "ControlSeverity": "Medium",
      "Automated": "Yes",
      "MethodName": "CheckDiagnosticsSettings",
      "DisplayName": "Enable security logging in Redis Enterprise",
      "Category": "Monitoring must be correctly configured",
      "ControlRequirements": "Monitoring and auditing must be enabled and correctly configured according to prescribed organizational guidance",
      "Rationale": "Enabling the 'Connection Events' diagnostic setting collects information on client connections to your cache. Logging and analysing these events helps you understand who is connecting to your caches and when those connections occurred, which can be used to identify the scope of a security breach and for security auditing purposes.",
      "Enabled": true,
      "Recommendation": "To enable diagnostic settings, refer https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-monitor-diagnostic-settings?tabs=enterprise-enterprise-flash#enable-connection-logging-using-the-azure-portal",
      "Tags": [
        "Audit",
        "Diagnostics",
        "Baseline",
        "RedisEnterprise"
      ],
      "ControlSettings": {
        "DiagnosticLogs": [
          "ConnectionEvents"
        ]
      },
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "DiagnosticSettings"
        ]
      },
      "CustomTags": [
        "Daily",
        "SN:RedisEnterprise_Logging",
        "TenantBaseline",
        "TBv13"
      ]
    },
    {
      "ControlID": "Azure_RedisEnterprise_BCDR_Use_RDB_Backup",
      "Description": "Redis Enterprise data persistence must be enabled for durability",
      "Id": "RedisEnterprise110",
      "ControlSeverity": "Medium",
      "Automated": "Yes",
      "MethodName": "CheckRedisEnterpriseRDBBackup",
      "DisplayName": "Redis Enterprise data persistence must be enabled for durability",
      "Category": "Data persistence must be ensured",
      "ControlRequirements": "Data must be backed up to ensure quicker and more efficient recovery",
      "Rationale": "As part of a high availability and disaster recovery strategy, data is persisted to a managed disk attached to the Redis Enterprise instance so that it can be restored automatically to the same cache after data loss. RDB persistence supports data recovery by saving backups at the configured backup interval with minimal effect on the performance of your cache.",
      "Enabled": true,
      "Recommendation": "To enable RDB persistence, refer https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-premium-persistence?tabs=enterprise",
      "Tags": [
        "Baseline",
        "Best Practice",
        "BCDR",
        "RedisEnterprise"
      ],
      "CustomTags": [
        "Weekly",
        "SN:RedisEnterprise_RDBBackUp"
      ],
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "Databases"
        ]
      }
    },
    {
      "ControlID": "Azure_RedisEnterprise_DP_Use_TLS_Encrypted_Connections",
      "Description": "Use approved version of TLS and secure client protocol for Redis Enterprise",
      "Id": "RedisEnterprise120",
      "ControlSeverity": "Medium",
      "Automated": "Yes",
      "MethodName": "CheckRedisEnterpriseTLSConfiguration",
      "DisplayName": "Use approved version of TLS and secure client protocol for Redis Enterprise",
      "Category": "Encrypt data in transit",
      "ControlRequirements": "Data must be encrypted in transit and at rest",
      "Rationale": "Use of TLS-encrypted connections ensures a secure connection over the network and protects data in transit from network-layer man-in-the-middle, eavesdropping and session-hijacking attacks.",
      "Enabled": true,
      "Recommendation": "To set the minimum required TLS version, use the command: Update-AzRedisEnterpriseCache -Name <RedisEnterpriseName> -ResourceGroupName <ResourceGroupName> -MinimumTlsVersion '1.2'. To disable non-TLS access using the Azure portal: Select your Azure Redis Enterprise --> select Overview --> Under essentials click 'Plain text' --> Select the checkbox for 'Non-TLS access only' --> Click 'Save'.",
      "ControlSettings": {
        "TLSVersion": "1.2",
        "ClientProtocol": "Encrypted"
      },
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "Databases"
        ]
      },
      "Tags": [
        "Baseline",
        "DP",
        "RedisEnterprise"
      ],
      "CustomTags": [
        "Daily",
        "SN:RedisEnterprise_TLS",
        "TenantBaseline",
        "TBv13"
      ]
    },
    {
      "ControlID": "Azure_RedisEnterprise_BCDR_Configure_Allowed_Redundancy",
      "Description": "Configure allowed redundancy for Azure Redis Enterprise Cache to ensure BCDR",
      "Id": "RedisEnterprise130",
      "ControlSeverity": "Medium",
      "Automated": "Yes",
      "MethodName": "CheckRedisEnterpriseCacheZoneRedundancy",
      "DisplayName": "Configure allowed redundancy for Azure Redis Enterprise Cache to ensure BCDR",
      "Category": "Business Continuity and Disaster Recovery",
      "ControlRequirements": "Appropriate redundancy must be configured for Azure Redis Enterprise Cache",
      "Rationale": "Redundancy helps with data replication across multiple locations, ensuring data availability, durability and resiliency against failures.",
      "Recommendation": "To configure zone redundancy, refer https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-zone-redundancy; to configure geo-replication, refer https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication",
      "ControlSettings": {
        "MinZonesLength": 1,
        "MinLinkedDatabasesLength": 1
      },
      "Tags": [
        "Redis",
        "BCDR",
        "Best Practice",
        "Baseline"
      ],
      "Enabled": true,
      "CustomTags": [
        "Weekly"
      ]
    }
  ]
}