Detections
Analytics
CISA SCuBA Microsoft 365 Power Platform v1.5.0
Audit Details
Name: CISA SCuBA Microsoft 365 Power Platform v1.5.0
Updated: 3/22/2025
Authority: TNS
Plugin: microsoft_azure
Revision: 1.0
Estimated Item Count: 8
File Details
Filename: CISA_SCuBA_M365_Power_Platform_v1.5.0.audit
Size: 48.5 kB
Audit Items
| Description | Categories |
|---|---|
| MS.POWERPLATFORM.1.1v1 - The ability to create production and sandbox environments SHALL be restricted to admins. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.1.2v1 - The ability to create trial environments SHALL be restricted to admins. | CONFIGURATION MANAGEMENT |
| MS.POWERPLATFORM.2.1v1 - A DLP policy SHALL be created to restrict connector access in the default Power Platform environment. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.2.2v1 - Non-default environments SHOULD have at least one DLP policy affecting them. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.3.1v1 - Power Platform tenant isolation SHALL be enabled. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.3.2v1 - An inbound/outbound connection allowlist SHOULD be configured. | CONFIGURATION MANAGEMENT |
| MS.POWERPLATFORM.4.1v1 - Content Security Policy (CSP) SHALL be enforced for model-driven and canvas Power Apps. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.5.1v1 - The ability to create Power Pages sites SHOULD be restricted to admins. | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |