Feature - Security rules for OSDU Infrastructure - Encryption
From EPAM security recommendations we got the following suggestions for ENCRYPTION to comply with:
| Done | Infra Relation | Rule |
|---|---|---|
| [ ] | ENCRYPTION | Ensure Storage Service Encryption is enabled for Storage Accounts |
| [ ] | ENCRYPTION | Ensure that Storage Accounts have infrastructure encryption enabled |
| [ ] | ENCRYPTION | Ensure Storage Accounts are using the latest version of TLS encryption |
| [ ] | ENCRYPTION | Ensure that "OS and Data" disks are encrypted with Customer Managed Key |
| [ ] | ENCRYPTION | Ensure that public network access is disabled in Managed Disks |
| [ ] | ENCRYPTION | Ensure that all unattached VM disks are encrypted |
| [ ] | ENCRYPTION | Ensure that Container Registries are configured to disable public network access |
| [ ] | ENCRYPTION | Ensure that Container Registries are encrypted with a customer-managed key |
All changes must be well documented, including whether downtime is to be expected.
It would be nice to test this in greenfield environments as well.
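
One way to check resources against the rules in the table, as an added example that is not part of the original issue or the OSDU code base. It evaluates JSON shaped like the output of `az storage account show`, `az disk show` and `az acr show`; the `MIN_TLS` threshold, the reading of the unattached-disk rule as a customer-managed key requirement, and all sample resources are assumptions.

```python
# Added example; field names follow `az ... show` JSON, all resources are constructed.
MIN_TLS = "TLS1_2"  # assumption: the lowest value accepted as "latest TLS"
CMK_TYPES = {"EncryptionAtRestWithCustomerKey",
             "EncryptionAtRestWithPlatformAndCustomerKeys"}

def get(res, path, default=None):
    """Walk a dotted path through nested dicts; missing or null keys give default."""
    for key in path.split("."):
        res = res.get(key) if isinstance(res, dict) else None
        if res is None:
            return default
    return res

def audit(res):
    """Return the encryption rules from the table that one resource violates."""
    kind, fails = res.get("type", "").lower(), []
    if kind == "microsoft.storage/storageaccounts":
        if not get(res, "encryption.services.blob.enabled", False):
            fails.append("storage service encryption not enabled")
        if not get(res, "encryption.requireInfrastructureEncryption", False):
            fails.append("infrastructure encryption not enabled")
        if get(res, "minimumTlsVersion", "TLS1_0") < MIN_TLS:
            fails.append("minimum TLS version below " + MIN_TLS)
    elif kind == "microsoft.compute/disks":
        # Assumption: "encrypted" for unattached disks means the same
        # customer-managed key requirement as for OS and data disks.
        if get(res, "encryption.type") not in CMK_TYPES:
            fails.append(get(res, "diskState", "Unknown").lower()
                         + " disk not encrypted with customer-managed key")
        if get(res, "publicNetworkAccess", "Enabled") != "Disabled":
            fails.append("public network access not disabled")
    elif kind == "microsoft.containerregistry/registries":
        if get(res, "publicNetworkAccess", "Enabled") != "Disabled":
            fails.append("public network access not disabled")
        if str(get(res, "encryption.status", "disabled")).lower() != "enabled":
            fails.append("not encrypted with customer-managed key")
    return fails

def audit_all(resources):
    results = {r["name"]: audit(r) for r in resources}
    return {name: fails for name, fails in results.items() if fails}

SAMPLE = [  # constructed inventory; names are placeholders
    {"name": "stweak", "type": "Microsoft.Storage/storageAccounts",
     "minimumTlsVersion": "TLS1_0", "encryption": {"services": {"blob": {"enabled": True}}}},
    {"name": "disk-orphan", "type": "Microsoft.Compute/disks", "diskState": "Unattached",
     "publicNetworkAccess": "Disabled", "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
    {"name": "acr-open", "type": "Microsoft.ContainerRegistry/registries",
     "publicNetworkAccess": "Enabled", "encryption": {"status": "disabled"}},
]
```

`audit_all(SAMPLE)` returns a mapping from resource name to the rules it fails, which can be pasted back into the issue as evidence for each checkbox.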