Azure 安全基线Security baselines for Azure

Azure 安全基线有助于通过改进工具、跟踪和安全功能增强安全性。Security baselines for Azure help you strengthen security through improved tooling, tracking, and security features. 在为环境提供保护的同时,它们还提供了一致性体验。They also provide you a consistent experience when securing your environment.

Azure 安全基线侧重于以云为中心的控件区域。Security baselines for Azure focus on cloud-centric control areas. 这些控件与常见的安全基准检验一致,比如 Internet 安全中心 (CIS) 所描述的那些。These controls are consistent with well-known security benchmarks, such as those described by the Center for Internet Security (CIS). 我们的基线针对 Azure 安全基准检验中列出的控件区域提供相关指导。Our baselines provide guidance for the control areas listed in the Azure Security Benchmark.

每项建议包括以下信息:Each recommendation includes the following information:

  • Azure ID与建议内容对应的 Azure 安全基准检验 ID。Azure ID: The Azure Security Benchmark ID that corresponds to the recommendation.
  • 建议:紧跟 Azure ID 之后,建议会提供控件的高级说明。Recommendation: Following directly after the Azure ID, the recommendation provides a high-level description of the control.
  • 指导:此建议的原理阐述,以及关于如何实现建议的指南的链接。Guidance: The rationale for the recommendation and links to guidance on how to implement it. 如果 Azure 安全中心支持此建议,这些信息也会列出。If the recommendation is supported by Azure Security Center, that information will also be listed.
  • 责任:指示负责实现控件的用户。Responsibility: Who is responsible for implementing the control. 可能的情况有客户责任、Microsoft 责任或共享责任。Possible scenarios are customer responsibility, Microsoft responsibility, or shared responsibility.
  • Azure 安全中心监视:控件是否由 Azure 安全中心监视,并提供参考链接。Azure Security Center monitoring: Whether the control is monitored by Azure Security Center, with link to reference.

基线中包含了所有建议(包括不适用于此特定服务的建议),旨在提供有关 Azure 安全基准检验如何与每个服务相关的全面完整的信息和见解。All recommendations, including recommendations that are not applicable to this specific service, are included in the baseline to provide you a complete picture of how the Azure Security Benchmark relates to each service. 有时可能会出现因各种原因而不适用的控件,例如 IaaS/compute-centric 控件(如特定于 OS 配置管理的控件)可能不适用于 PaaS 服务。There may occasionally be controls that are not applicable for various reasons for example, IaaS/compute-centric controls (such as controls specific to OS configuration management) may not be applicable to PaaS services.

欢迎提供有关 Azure 服务安全基线的反馈。We welcome your feedback on the security baselines for Azure services. 建议在以下反馈区域中提供评论。We encourage you to provide comments in the feedback area below. 或者,如果你希望与 Azure 安全基准检验团队更私密地共享你的反馈,欢迎在 https://aka.ms/AzSecBenchmark 中填写表单。Or, if you prefer to share your input more privately with the Azure Security Benchmark team, you are welcome to fill out the form at https://aka.ms/AzSecBenchmark.