Azure SQL Database must only use approved firewall settings deemed by the organization to be secure, including denying public network access.

Overview

Finding ID: V-255346
Version: ASQL-00-011900
Rule ID: SV-255346r961470_rule
IA Controls: CCI-001762
Severity: medium
Description
Use of nonsecure firewall settings, such as allowing public access, exposes the system to avoidable threats.
STIG: Microsoft Azure SQL Database Security Technical Implementation Guide
Date: 2025-06-11

Related Frameworks

3 paths across 3 frameworks
NIST 800-53: 1 mapping
  • DISA · V2R3 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171: 1 mapping
3.4.7
1.00
  • DISA · V2R3 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI: 1 mapping
CCI-001762
1.00
  • DISA · V2R3 · disa_xccdf · related

Details

Check Text (C-255346r961470_chk)

Azure SQL Database must only use approved firewall settings, including denying public network access. This value is allowed by default in Azure SQL Database and should be disabled if not otherwise documented and approved.

Obtain a list of approved firewall settings from the database documentation.

Verify that the public network access option is set to disabled. If the value is enabled and not in use and specifically approved in the database documentation, this is a finding.

1. From the Azure Portal Dashboard, click "Set Server Firewall".
2. Review the "Allow Azure services and resources to access this server" option.
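The check above can also be run against exported configuration. The following is an added example, not part of the STIG: it evaluates JSON shaped like the output of `az sql server show` and `az sql server firewall-rule list`, and treats enabled public access or any firewall rule as a finding unless it is approved. The sample data, the `evaluate` function and the `approved_*` parameters, which stand in for the database documentation, are assumptions.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `az sql server show` and `az sql server firewall-rule list`.
SAMPLE_SERVER = json.loads(
    '{"name": "sql-example-01", "publicNetworkAccess": "Enabled"}')
SAMPLE_RULES = json.loads("""[
  {"name": "AllowAllWindowsAzureIps",
   "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "office-egress",
   "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"}
]""")


def evaluate(server, rules, approved_public_access=False, approved_rules=()):
    """Return finding strings for V-255346; an empty list means no finding.

    approved_public_access and approved_rules are hypothetical inputs that
    the reviewer transcribes from the organization's database documentation.
    """
    findings = []
    # A missing property is treated as enabled, the default the check describes.
    state = str(server.get("publicNetworkAccess") or "Enabled").lower()
    public = state != "disabled"
    if public and not approved_public_access:
        findings.append("public network access is enabled without approval")
    if not public:
        # With public access disabled, IP firewall rules admit no traffic.
        return findings
    approved = {name.lower() for name in approved_rules}
    for rule in rules:
        name = rule.get("name", "")
        if name.lower() in approved:
            continue
        start, end = rule.get("startIpAddress"), rule.get("endIpAddress")
        if start == "0.0.0.0" and end == "0.0.0.0":
            # The "Allow Azure services and resources to access this server"
            # option is stored as a 0.0.0.0-0.0.0.0 firewall rule.
            findings.append(f"'{name}': Allow Azure services is on, unapproved")
        else:
            findings.append(f"'{name}': rule {start}-{end} is not approved")
    return findings
```
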

Fix Text (F-58963r871163_fix)

Assign the approved policy to Azure SQL Database.

1. From the Azure Portal Dashboard, click on the database.
2. Click "Set Server Firewall".
3. Review the public network access option.
4. Check the box to "Disable" public network access.
5. Click "Save".

For more information about connection policies: https://docs.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture