AC_AZURE_0278 | Ensure HTTP is disallowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AWS_0212 | Ensure there are no publicly writeable and readable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AZURE_0394 | Ensure only SSL connections are enabled for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0386 | Ensure that inline policy does not expose secrets in AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AZURE_0214 | Ensure Azure Keyvaults are used to store secrets | Azure | Data Protection | LOW |
AC_AZURE_0356 | Ensure every subnet block is configured with a Network Security Group in Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0385 | Ensure that standard pricing tiers are selected in Azure Security Center Subscription Pricing | Azure | Security Best Practices | MEDIUM |
AC_GCP_0233 | Ensure logging is enabled for Google Cloud Storage Buckets | GCP | Logging and Monitoring | LOW |
AC_AZURE_0350 | Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_GCP_0294 | Ensure the number of instances running simultaneously are limited for Google App Engine Standard App Version | GCP | Security Best Practices | LOW |
AC_AWS_0615 | Ensure AWS Lambda functions are configured to use provisioned concurrency | AWS | Resilience | LOW |
AC_AWS_0065 | Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hosts | AWS | Infrastructure Security | HIGH |
AC_AWS_0066 | Ensure Amazon Relational Database Service (Amazon RDS) instances do not have public interface defined | AWS | Infrastructure Security | HIGH |
AC_AWS_0135 | Ensure IAM password policy requires at least one uppercase letter | AWS | Compliance Validation | MEDIUM |
AC_AWS_0394 | Ensure secure ciphers are used for AWS CloudFront distribution | AWS | Data Protection | HIGH |
AC_AZURE_0560 | Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_GCP_0240 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
AC_AZURE_0146 | Ensure log analytics workspace has daily quota value set for Azure Log Analytics Workspace | Azure | Compliance Validation | LOW |
AC_AWS_0579 | Ensure multiple availability zones are used to deploy AWS NAT Gateways | AWS | Security Best Practices | MEDIUM |
AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0075 | Ensure deletion protection is enabled for AWS DocumentDB Clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0117 | Ensure latest TLS version is used for AWS ElasticSearch Nodes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0154 | Ensure IMDSv1 is disabled for AWS EC2 instances | AWS | Infrastructure Security | HIGH |
AC_AWS_0367 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway Volumes | AWS | Security Best Practices | HIGH |
AC_AWS_0375 | Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0376 | Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tables | AWS | Data Protection | HIGH |
AC_AWS_0379 | Ensure all data stored is encrypted in-transit for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0380 | Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0423 | Ensure SSL is enforced for parameter groups associated with AWS Redshift clusters | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0463 | Ensure Transit Encryption is enabled for Amazon Elastic Container Service (ECS) Task Definition using Elastic File System (EFS) Volumes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0576 | Ensure private subnets are not used to deploy AWS NAT Gateways | AWS | Data Protection | HIGH |
AC_AZURE_0095 | Ensure TLS 1.2 or greater is used for IoT Hub | Azure | Infrastructure Security | HIGH |
AC_AZURE_0151 | Ensure LinuxDiagnostic is enabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0168 | Ensure access level is set to 'Read' for Azure Managed Disk SAS Token | Azure | Data Protection | MEDIUM |
AC_AZURE_0173 | Ensure 'ReadOnly' cache is enabled on Data disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
AC_AZURE_0220 | Ensure Customer Managed Key (CMK) is configured for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0228 | Ensure that customer managed key is used for encryption for Azure Container Registry | Azure | Data Protection | MEDIUM |
AC_AZURE_0288 | Ensure password authentication is disabled for Azure Linux Virtual Machine | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0298 | Ensure that Azure Data Explorer uses double encryption in Azure Kusto Cluster | Azure | Data Protection | MEDIUM |
AC_AZURE_0318 | Ensure that integer variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0415 | Ensure that the retention policy is enabled for Azure Network Watcher Flow Log | Azure | Resilience | MEDIUM |
AC_K8S_0110 | Ensure that the Tiller Service (Helm v2) is not deployed for Kubernetes service | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0119 | Ensure protocols are explicitly declared where possible for Istio Services | Kubernetes | Security Best Practices | MEDIUM |
AC_AWS_0142 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
AC_AWS_0196 | Ensure IAM Policy does not Allow with NotPrincipal | AWS | Identity and Access Management | HIGH |
AC_AWS_0219 | Ensure 'allow get actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0412 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with value not following standard CIDR | AWS | Identity and Access Management | LOW |
AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |