Regulations.json

[
    {
        "Name": "DoD 800-53R4",
        "Control": [
            {
                "Name": "Test1",
                "Policy": [
                    {
                        "Name": "Audit diagnostic setting"
                    }
                ]
            },
            {
                "Name": "AC-2",
                "Policy": [
                    {
                        "Name": "Deprecated accounts should be removed from your subscription"
                    },
                    {
                        "Name": "Deprecated accounts with owner permissions should be removed from your subscription"
                    },
                    {
                        "Name": "External accounts with owner permissions should be removed from your subscription"
                    },
                    {
                        "Name": "External accounts with read permissions should be removed from your subscription"
                    },
                    {
                        "Name": "External accounts with write permissions should be removed from your subscription"
                    }
                ]
            },
            {
                "Name": "AC-2(7)",
                "Policy": [
                    {
                        "Name": "An Azure Active Directory administrator should be provisioned for SQL servers"
                    },
                    {
                        "Name": "Audit usage of custom RBAC rules"
                    },
                    {
                        "Name": "Service Fabric clusters should only use Azure Active Directory for client authentication"
                    }
                ]
            },
            {
                "Name": "AC-2(12)",
                "Policy": [
                    {
                        "Name": "Management ports of virtual machines should be protected with just-in-time network access control"
                    }
                ]
            },
            {
                "Name": "AC-5",
                "Policy": [
                    {
                        "Name": "A maximum of 3 owners should be designated for your subscription"
                    },
                    {
                        "Name": "Show audit results from Windows VMs in which the Administrators group contains any of the specified members"
                    },
                    {
                        "Name": "Show audit results from Windows VMs in which the Administrators group does not contain all of the specified members"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs in which the Administrators group contains any of the specified members"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs in which the Administrators group does not contain all of the specified members"
                    },
                    {
                        "Name": "There should be more than one owner assigned to your subscription"
                    }
                ]
            },
            {
                "Name": "AC-6(7)",
                "Policy": [
                    {
                        "Name": "A maximum of 3 owners should be designated for your subscription"
                    },
                    {
                        "Name": "Show audit results from Windows VMs in which the Administrators group contains any of the specified members"
                    },
                    {
                        "Name": "Show audit results from Windows VMs in which the Administrators group does not contain all of the specified members"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs in which the Administrators group contains any of the specified members"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs in which the Administrators group does not contain all of the specified members"
                    },
                    {
                        "Name": "There should be more than one owner assigned to your subscription"
                    }
                ]
            },
            {
                "Name": "AC-17(1)",
                "Policy": [
                    {
                        "Name": "Show audit results from Linux VMs that allow remote connections from accounts without passwords"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords"
                    },
                    {
                        "Name": "Storage accounts should restrict network access"
                    },
                    {
                        "Name": "Remote debugging should be turned off for API Apps"
                    },
                    {
                        "Name": "Remote debugging should be turned off for Function Apps"
                    },
                    {
                        "Name": "Remote debugging should be turned off for Web Applications"
                    }
                ]
            },
            {
                "Name": "AC-23",
                "Policy": [
                    {
                        "Name": "Advanced data security should be enabled on your SQL servers"
                    },
                    {
                        "Name": "Advanced data security should be enabled on SQL Managed Instance"
                    },
                    {
                        "Name": "Auditing on SQL server should be enabled"
                    }
                ]
            },
            {
                "Name": "AU-3(2)",
                "Policy": [
                    {
                        "Name": "[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted"
                    },
                    {
                        "Name": "Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted"
                    },
                    {
                        "Name": "Audit Log Analytics workspace for VM - Report Mismatch"
                    },
                    {
                        "Name": "The Log Analytics agent should be installed on Virtual Machine Scale Sets"
                    },
                    {
                        "Name": "The Log Analytics agent should be installed on virtual machines"
                    }
                ]
            },
            {
                "Name": "AU-5",
                "Policy": [
                    {
                        "Name": "Audit diagnostic setting"
                    },
                    {
                        "Name": "Auditing on SQL server should be enabled"
                    },
                    {
                        "Name": "Advanced data security should be enabled on SQL Managed Instance"
                    },
                    {
                        "Name": "Advanced data security should be enabled on your SQL servers"
                    }
                ]
            },
            {
                "Name": "AU-6(4)",
                "Policy": [
                    {
                        "Name": "[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted"
                    },
                    {
                        "Name": "Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted"
                    },
                    {
                        "Name": "Audit Log Analytics workspace for VM - Report Mismatch"
                    }
                ]
            },
            {
                "Name": "AU-6(5)",
                "Policy": [
                    {
                        "Name": "Audit diagnostic setting"
                    },
                    {
                        "Name": "Vulnerability assessment should be enabled on SQL Managed Instance"
                    },
                    {
                        "Name": "Vulnerability assessment should be enabled on your SQL servers"
                    },
                    {
                        "Name": "Vulnerabilities in security configuration on your machines should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities on your SQL databases should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities should be remediated by a Vulnerability Assessment solution"
                    },
                    {
                        "Name": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated"
                    },
                    {
                        "Name": "[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted"
                    },
                    {
                        "Name": "Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted"
                    }
                ]
            },
            {
                "Name": "AU-12",
                "Policy": [
                    {
                        "Name": "[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted"
                    },
                    {
                        "Name": "Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted"
                    },
                    {
                        "Name": "Audit Log Analytics workspace for VM - Report Mismatch"
                    },
                    {
                        "Name": "Audit diagnostic setting"
                    },
                    {
                        "Name": "Auditing on SQL server should be enabled"
                    },
                    {
                        "Name": "Advanced data security should be enabled on SQL Managed Instance"
                    },
                    {
                        "Name": "Advanced data security should be enabled on your SQL servers"
                    }
                ]
            },
            {
                "Name": "AU-12(01)",
                "Policy": [
                    {
                        "Name": "Audit diagnostic setting"
                    }
                ]
            },
            {
                "Name": "CM-7(2)",
                "Policy": [
                    {
                        "Name": "Adaptive application controls for defining safe applications should be enabled on your machines"
                    }
                ]
            },
            {
                "Name": "CM-7(5)",
                "Policy": [
                    {
                        "Name": "Adaptive application controls for defining safe applications should be enabled on your machines"
                    }
                ]
            },
            {
                "Name": "CM-11",
                "Policy": [
                    {
                        "Name": "Adaptive application controls for defining safe applications should be enabled on your machines"
                    }
                ]
            },
            {
                "Name": "CP-7",
                "Policy": [
                    {
                        "Name": "Audit virtual machines without disaster recovery configured"
                    }
                ]
            },
            {
                "Name": "CP-9(05)",
                "Policy": [
                    {
                        "Name": "Geo-redundant storage should be enabled for Storage Accounts"
                    },
                    {
                        "Name": "Geo-redundant backup should be enabled for Azure Database for PostgreSQL"
                    },
                    {
                        "Name": "Geo-redundant backup should be enabled for Azure Database for MySQL"
                    },
                    {
                        "Name": "Long-term geo-redundant backup should be enabled for Azure SQL Databases"
                    }
                ]
            },
            {
                "Name": "IA-2(1)",
                "Policy": [
                    {
                        "Name": "MFA should be enabled on accounts with owner permissions on your subscription"
                    },
                    {
                        "Name": "MFA should be enabled accounts with write permissions on your subscription"
                    }
                ]
            },
            {
                "Name": "IA-2(2)",
                "Policy": [
                    {
                        "Name": "MFA should be enabled on accounts with read permissions on your subscription"
                    }
                ]
            },
            {
                "Name": "IA-5",
                "Policy": [
                    {
                        "Name": "Show audit results from Linux VMs that do not have the passwd file permissions set to 0644"
                    },
                    {
                        "Name": "Show audit results from Linux VMs that have accounts without passwords"
                    },
                    {
                        "Name": "Show audit results from Windows VMs that do not store passwords using reversible encryption"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Linux VMs that have accounts without passwords"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption"
                    }
                ]
            },
            {
                "Name": "IA-5(1)",
                "Policy": [
                    {
                        "Name": "Show audit results from Windows VMs that allow re-use of the previous 24 passwords"
                    },
                    {
                        "Name": "Show audit results from Windows VMs that do not have a maximum password age of 70 days"
                    },
                    {
                        "Name": "Show audit results from Windows VMs that do not have a minimum password age of 1 day"
                    },
                    {
                        "Name": "Show audit results from Windows VMs that do not have the password complexity setting enabled"
                    },
                    {
                        "Name": "Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters"
                    },
                    {
                        "Name": "Show audit results from Windows VMs that do not store passwords using reversible encryption"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption"
                    }
                ]
            },
            {
                "Name": "IA-6(2)",
                "Policy": [
                    {
                        "Name": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities should be remediated by a Vulnerability Assessment solution"
                    },
                    {
                        "Name": "Vulnerabilities in security configuration on your machines should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities in container security configurations should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities on your SQL databases should be remediated"
                    }
                ]
            },
            {
                "Name": "RA-5",
                "Policy": [
                    {
                        "Name": "Advanced data security should be enabled on SQL Managed Instance"
                    },
                    {
                        "Name": "Advanced data security should be enabled on your SQL servers"
                    },
                    {
                        "Name": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities in security configuration on your machines should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities on your SQL databases should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities should be remediated by a Vulnerability Assessment solution"
                    }
                ]
            },
            {
                "Name": "SC-5",
                "Policy": [
                    {
                        "Name": "Azure DDoS Protection Standard should be enabled"
                    }
                ]
            },
            {
                "Name": "SC-7",
                "Policy": [
                    {
                        "Name": "Access through Internet facing endpoint should be restricted"
                    },
                    {
                        "Name": "Storage accounts should restrict network access"
                    }
                ]
            },
            {
                "Name": "SC-7(3)",
                "Policy": [
                    {
                        "Name": "Management ports of virtual machines should be protected with just-in-time network access control"
                    }
                ]
            },
            {
                "Name": "SC-7(4)",
                "Policy": [
                    {
                        "Name": "Just-In-Time network access control should be applied on virtual machines"
                    }
                ]
            },
            {
                "Name": "SC-8(1)",
                "Policy": [
                    {
                        "Name": "API App should only be accessible over HTTPS"
                    },
                    {
                        "Name": "Show audit results from Windows web servers that are not using secure communication protocols"
                    },
                    {
                        "Name": "Deploy prerequisites to audit Windows web servers that are not using secure communication protocols"
                    },
                    {
                        "Name": "Function App should only be accessible over HTTPS"
                    },
                    {
                        "Name": "Only secure connections to your Azure Cache for Redis should be enabled"
                    },
                    {
                        "Name": "Secure transfer to storage accounts should be enabled"
                    },
                    {
                        "Name": "Web Application should only be accessible over HTTPS"
                    }
                ]
            },
            {
                "Name": "SC-28(1)",
                "Policy": [
                    {
                        "Name": "Advanced data security should be enabled on SQL Managed Instance"
                    },
                    {
                        "Name": "Advanced data security should be enabled on your SQL servers"
                    },
                    {
                        "Name": "Disk encryption should be applied on virtual machines"
                    },
                    {
                        "Name": "Transparent Data Encryption on SQL databases should be enabled"
                    }
                ]
            },
            {
                "Name": "SI-2",
                "Policy": [
                    {
                        "Name": "System updates on virtual machine scale sets should be installed"
                    },
                    {
                        "Name": "System updates should be installed on your machines"
                    },
                    {
                        "Name": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities in security configuration on your machines should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities on your SQL databases should be remediated"
                    },
                    {
                        "Name": "Vulnerabilities should be remediated by a Vulnerability Assessment solution"
                    }
                ]
            },
            {
                "Name": "SI-02(06)",
                "Policy": [
                    {
                        "Name": "Ensure that 'HTTP Version' is the latest, if used to run the Api app"
                    },
                    {
                        "Name": "Ensure that 'HTTP Version' is the latest, if used to run the Function app"
                    },
                    {
                        "Name": "Ensure that 'HTTP Version' is the latest, if used to run the Web app"
                    },
                    {
                        "Name": "Ensure that 'Java version' is the latest, if used as a part of the Api app"
                    },
                    {
                        "Name": "Ensure that 'Java version' is the latest, if used as a part of the Function app"
                    },
                    {
                        "Name": "Ensure that 'Java version' is the latest, if used as a part of the Web app"
                    },
                    {
                        "Name": "Ensure that 'PHP version' is the latest, if used as a part of the Api app"
                    },
                    {
                        "Name": "Ensure that 'PHP version' is the latest, if used as a part of the WEB app"
                    },
                    {
                        "Name": "Ensure that 'Python version' is the latest, if used as a part of the Api app"
                    },
                    {
                        "Name": "Ensure that 'Python version' is the latest, if used as a part of the Function app"
                    },
                    {
                        "Name": "Ensure that 'Python version' is the latest, if used as a part of the Web app"
                    },
                    {
                        "Name": "Latest TLS version should be used in your API App"
                    },
                    {
                        "Name": "Latest TLS version should be used in your Function App"
                    },
                    {
                        "Name": "Latest TLS version should be used in your Web App"
                    },
                    {
                        "Name": "Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version"
                    }
                ]
            },
            {
                "Name": "SI-3",
                "Policy": [
                    {
                        "Name": "Endpoint protection solution should be installed on virtual machine scale sets"
                    },
                    {
                        "Name": "Monitor missing Endpoint Protection in Azure Security Center"
                    },
                    {
                        "Name": "Microsoft IaaSAntimalware extension should be deployed on Windows servers"
                    }
                ]
            },
            {
                "Name": "SI-3(1)",
                "Policy": [
                    {
                        "Name": "Endpoint protection solution should be installed on virtual machine scale sets"
                    },
                    {
                        "Name": "Monitor missing Endpoint Protection in Azure Security Center"
                    }
                ]
            },
            {
                "Name": "SI-4",
                "Policy": [
                    {
                        "Name": "[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted"
                    },
                    {
                        "Name": "Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted"
                    },
                    {
                        "Name": "Audit Log Analytics workspace for VM - Report Mismatch"
                    },
                    {
                        "Name": "Advanced data security should be enabled on SQL Managed Instance"
                    },
                    {
                        "Name": "Advanced data security should be enabled on your SQL servers"
                    },
                    {
                        "Name": "Network Watcher should be enabled"
                    }
                ]
            },
            {
                "Name": "SI-4(12)",
                "Policy": [
                    {
                        "Name": "Email notification to subscription owner for high severity alerts should be enabled"
                    },
                    {
                        "Name": "A security contact email address should be provided for your subscription"
                    },
                    {
                        "Name": "A security contact phone number should be provided for your subscription"
                    }
                ]
            }
        ]
    },
    {
        "Name": "Fish",
        "Control": []
    }
]