Microsoft cloud security benchmark#
Microsoft cloud security benchmark (MCSB) is a set of controls and recommendations that help improve the security of workloads on Azure and your multi-cloud environment. Controls from the MCSB are also mapped to industry frameworks, such as CIS, PCI-DSS, and NIST.
If you are new to MCSB or are looking for guidance on how to use it, please see the Introduction to the Microsoft cloud security benchmark.
Microsoft cloud security benchmark v1#
Is the latest version of the MCSB. Rules included within PSRule for Azure have been mapped to v1 so that you are able to understand the impact of the rules. This is particularly useful when you are looking to understand how to address a compliance requirement specific to your organization.
The following controls are included in the Microsoft cloud security benchmark v1:
- Network security (NS)
- Identity Management (IM)
- Privileged Access (PA)
- Data Protection (DP)
- Asset Management (AM)
- Logging and Threat Detection (LT)
- Incident Response (IR)
- Posture and Vulnerability Management (PV)
- Endpoint Security (ES)
- Backup and Recovery (BR)
- DevOps Security (DS)
Using the MCSB v1 baseline#
Experimental ยท v1.25.0
To start using the MCSB v1 baseline with PSRule, configure the baseline parameter to use Azure.MCSB.v1.
View the list of rules associated with the MCSB v1 baseline.
Experimental - Learn more
MCSB baselines are a work in progress and subject to change. We hope to add more rules to the baseline in the future. Join or start a discussion to let us know how we can improve this feature going forward.
Note
It's important to note that the MCSB v1 baseline is subset of rules from the Well-Architected Framework. Not all rules for the Well-Architected Framework are included in MCSB. Using the MCSB v1 baseline is useful to understand alignment with the MCSB and other industry frameworks / standards. For a complete set of rules for the Well-Architected Framework, consider using a quarterly baseline.