
Skyhigh Security

Policy Templates for ACR

Azure Container Registry (ACR)

Policy Templates for Container Security are used with Microsoft Azure Container Registry (ACR).

For instructions on how to find Policy Templates that are new or updated due to changed recommendations, see Find New and Updated Policy Templates.

| Policy Name | Resource | Benchmark | PCI DSS | HIPAA | NIST 800-53 | Policy Description |
|---|---|---|---|---|---|---|
| ACR: Image Registry should not have more than 200 repositories | ACR | | Yes | | SC-6, Resource Availability | Image registry should have a limit on the number of repositories. |
| ACR: Repositories should not be exposed to everyone/publicly for push actions | ACR | | Yes | | SI-7, Software, Firmware, and Information Integrity | Repository policy push actions should be avoided. |
| ACR: Repositories should not be exposed to everyone/publicly for pull actions | ACR | | Yes | | SI-7, Software, Firmware, and Information Integrity | Repository policy pull actions should be avoided. |
| ACR: Repositories should not be exposed to everyone/publicly for delete actions | ACR | | Yes | | SI-7, Software, Firmware, and Information Integrity | Repository policy delete actions should be avoided. |
| ACR: Image tag immutability should be set correctly for repository | ACR | | Yes | | SI-7, Software, Firmware, and Information Integrity | Image tag immutability should be set correctly for the repository. |
| ACR: Container Registries must not allow unrestricted network access | ACR | | Yes | | SI-7, Software, Firmware, and Information Integrity | Azure container registries by default accept connections over the internet from hosts on any network. To protect your registries from potential threats, allow access from only specific private endpoints, public IP addresses, or address ranges. If your registry doesn't have network rules configured, it will appear in the unhealthy resources. |