diff --git a/checklists/datasecurity_checklist.en.json b/checklists/datasecurity_checklist.en.json
index 55b269c6..11d49514 100644
--- a/checklists/datasecurity_checklist.en.json
+++ b/checklists/datasecurity_checklist.en.json
@@ -153,6 +153,8 @@
 {
 "category": "",
 "subcategory": "",
+ "service": "Azure Data Factory",
+ "waf": "Security",
 "text": "Use Azure Key Vault secrets in pipeline activities",
 "description": "You can store credentials or secret values in an Azure Key Vault and use them during pipeline execution to pass to your activities.",
 "guid": "a3aec2c4-e243-46b0-936d-b55e17960eee",
@@ -199,6 +201,7 @@
 "subcategory": "",
 "text": "Disable access over public internet and configure either firewall rules or trusted services rules",
 "service": "Azure Data Factory",
+ "waf": "Security",
 "guid": "4e4f1854-287d-45cd-a126-cc032af5b1fc",
 "id": "F01.01",
 "severity": "Medium"
@@ -242,6 +245,8 @@
 "text": "Configure Private Links to connect to sources in customer Vnet and data factory",
 "description": "By using Azure Private Link, you can connect to various platform as a service (PaaS) deployments in Azure via a private endpoint. A private endpoint is a private IP address within a specific virtual network and subnet",
 "guid": "b47a393a-0804-4272-a479-8b1578b219a4",
+ "service": "Azure Data Factory",
+ "waf": "Security",
 "id": "G01.01",
 "severity": "Medium",
 "link": "https://learn.microsoft.com/azure/data-factory/data-factory-private-link"
@@ -297,6 +302,7 @@
 "text": "Use Azure Key Vault secrets in pipeline activities",
 "description": "You can store credentials or secret values in an Azure Key Vault and use them during pipeline execution to pass to your activities.",
 "service": "Azure Data Factory",
+ "waf": "Security",
 "guid": "6f4a1652-bddd-4ea8-a487-cdec4861bc3b",
 "id": "H01.05",
 "severity": "Medium",
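Review bot: The entry tagged in the hunk at -153 (guid `a3aec2c4-…`) carries the same `text` and `description` as H01.05 in the hunk at -297 (guid `6f4a1652-…`), and after this change both are labelled `"service": "Azure Data Factory"` and `"waf": "Security"`. A report filtered on service or pillar will then list the Key Vault secrets control twice under two guids, which makes remediation status for that control ambiguous. Consider keeping a single entry, or rewording one of them so the two are distinguishable; the first entry also still has empty `category` and `subcategory` values. The object at -153 continues past the end of the hunk, so its `id` is not visible here.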
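Review bot: Key placement is inconsistent across the hunks: at -242 the new `"service"`/`"waf"` pair lands after `"guid"`, at -153 it lands before `"text"`, and at -635 the pair is reversed with `"waf"` first, while the entries at -199, -297 and -308 keep `"service"` directly before `"guid"`. JSON key order carries no meaning, but one fixed order keeps later diffs of this checklist small and makes a missing tag easy to spot in review. Suggest placing `"service": …,` then `"waf": …,` immediately before `"guid"` in every entry.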
@@ -308,6 +314,7 @@
 "text": "Encrypt credentials for on-premises using SHIR data stores in Azure Data Factory",
 "description": "You can encrypt and store credentials for any of your on-premises data stores (linked services with sensitive information) on a machine with self-hosted integration runtime.",
 "service": "Azure Data Factory",
+ "waf": "Security",
 "guid": "c14aeb7e-66e8-4d9a-9bec-218e6436b173",
 "id": "H01.06",
 "severity": "Medium",
@@ -635,6 +642,8 @@
 "text": "Restrict workspace admins",
 "description": "Account admins can configure a workspace setting called RestrictWorkspaceAdmins to restrict workspace admins to only change a job owner to themselves and the job run as setting to a service principal that they have the Service Principal User role on.",
 "guid": "6b57dfc6-5546-41e1-a3e3-453a3c863964",
+ "waf": "Security",
+ "service": "Azure Databricks",
 "id": "P01.01",
 "severity": "High",
 "link": "https://learn.microsoft.com/azure/databricks/admin/workspace-settings/restrict-workspace-admins"
@@ -653,6 +662,7 @@
 {
 "category": "",
 "subcategory": "",
+ "waf": "Security",
 "text": "Regenerate/rotate keys if using them periodically",
 "guid": "42b16c21-d799-49a6-96f4-389a8f42c78e",
 "id": "R01.01",
@@ -806,4 +816,4 @@
 "waf": "Security",
 "timestamp": "October 21, 2024"
 }
-}
\ No newline at end of file
+}
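Review bot: The key-rotation entry R01.01 in the hunk at -653 gets `"waf": "Security"` but no `"service"`, unlike the other entries touched in this commit, which all end up with both keys. The object continues past the end of the hunk, so a `"service"` key may already exist further down; if it does not, this item will be missing from any per-service view of the checklist, and key rotation is a control a review should not silently lose. Add a line such as `"service": "<service for this section>",` next to the new `"waf"` line, using the service name of the section this entry belongs to, which cannot be determined from the hunk.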