cis_2_1_23 — Defender for Key Vault not enabled¶

Summary

Severity: High · Pillar: Data · Chain role: ENABLER

Description¶

Defender for Key Vault detects unusual access patterns to secrets, keys, and certificates. Without it, credential theft from vaults will not trigger alerts.

Mapping¶

Framework	Control / Reference
NIST 800-53	SC-7
NIST 800-207	—
CIS Azure	2.1.23
MITRE ATT&CK Technique	T1552
MITRE ATT&CK Tactic	Credential Access
Zero-Trust Tenet	—
Framework tags	cis-azure-2.0, nist-800-53

Source¶

Rule defined at policies/azure/cis/defender/cis_2_1_23.rego.

View on GitHub