Evaluates whether any NAS permission group rule grants access to all IP addresses (0.0.0.0/0). A rule that does not use 0.0.0.0/0 as the authorized object is compliant.
Scenarios
Specify IP addresses or CIDR blocks in NAS permission group rules to restrict access to specific file systems and protect your cloud network.
Risk level
Default risk level: high.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
- If 0.0.0.0/0 is not specified as the authorized object of any rule in any NAS permission group, the evaluation result is Compliant.
- If 0.0.0.0/0 is specified as the authorized object of a rule in a NAS permission group, the evaluation result is Non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.
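The evaluation logic above can be reproduced offline against an exported list of permission group rules. The following is an added example, not the managed rule's own implementation; the inventory layout and the field names `group`, `rule_id` and `authorized_object` are assumptions, and the sample data is constructed. It goes slightly beyond a literal string comparison by normalizing each authorized object before comparing it with 0.0.0.0/0.

```python
import ipaddress

ALL_IPV4 = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample inventory; field names are hypothetical, not NAS API fields.
SAMPLE_GROUPS = [
    {"group": "pg-app", "rules": [
        {"rule_id": "1", "authorized_object": "192.168.10.0/24"},
        {"rule_id": "2", "authorized_object": "10.0.0.5"},
    ]},
    {"group": "pg-legacy", "rules": [
        {"rule_id": "1", "authorized_object": "172.16.0.0/16"},
        {"rule_id": "2", "authorized_object": "0.0.0.0/0"},
    ]},
]


def grants_all_ips(authorized_object):
    """Return True when the authorized object covers every IPv4 address."""
    try:
        # strict=False masks host bits, so any prefix-length-0 entry normalizes
        # to 0.0.0.0/0; surrounding whitespace is ignored.
        network = ipaddress.ip_network(authorized_object.strip(), strict=False)
    except ValueError:
        return False  # not an IP address or CIDR block
    return network == ALL_IPV4


def evaluate(groups):
    """Return (result, findings): Non-compliant if any rule authorizes 0.0.0.0/0."""
    findings = [
        (group["group"], rule["rule_id"])
        for group in groups
        for rule in group["rules"]
        if grants_all_ips(rule["authorized_object"])
    ]
    return ("Non-compliant" if findings else "Compliant"), findings


if __name__ == "__main__":
    result, findings = evaluate(SAMPLE_GROUPS)
    print(result)
    for group_name, rule_id in findings:
        print(f"  {group_name}: rule {rule_id} authorizes 0.0.0.0/0")
```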
Rule details
| Item | Description |
| --- | --- |
| Rule name | nas-access-group-public-access-check |
| Rule identifier | nas-access-group-public-access-check |
| Tag | NAS and AccessGroup |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Every 24 hours |
| Supported resource type | NAS file system |
| Input parameter | N/A |
Non-compliance remediation
Locate the non-compliant permission group and add a rule that restricts access. For more information, see Manage permission groups.