UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Azure SQL Database must only use approved firewall settings deemed by the organization to be secure, including denying azure services access to the server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-255347 ASQL-00-011950 SV-255347r879756_rule Medium
Description
Use of nonsecure firewall settings, such as allowing azure services to access the server, exposes the system to avoidable threats.
STIG Date
Microsoft Azure SQL Database Security Technical Implementation Guide 2023-06-12

Details

Check Text ( C-59020r877261_chk )
Azure SQL Database must only use approved firewall settings, including denying access to azure services and resources to the server. This option is denied by default in Azure SQL Database and should be left disabled if not otherwise documented and approved.

Obtain a list of approved firewall settings from the database documentation.

Verify that the "Allow Azure services and resources to access this server" option is disabled.
1. From the Azure Portal, navigate to the Azure SQL Database Dashboard.
2. Select "Set Server Firewall" on the top menu.
3. Under "Exceptions", review the "Allow Azure services and resources to access this server" option and verify that the value is not checked.

If the "Allow Azure services and resources to access this server" option is enabled, it must be necessary and specifically approved in the database documentation, otherwise this is a finding.
Fix Text (F-58964r871166_fix)
Assign the approved policy to Azure SQL Database.
1. From the Azure Portal Dashboard, click "Set Server Firewall".
2. Review the Allow Azure services and resources to access this server option.
3. Uncheck the box to "Deny Azure" services and resources to access this server.
4. Click "Save".

For more information about connection policies:
https://docs.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture