| AC_AZURE_0139 | Ensure regular backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0253 | Ensure system-assigned managed identity authentication is used for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0290 | Ensure that Azure policies add-on are used for Azure Kubernetes Cluster | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0550 | Ensure disk encryption is enabled for Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_GCP_0022 | Ensure PodSecurityPolicy controller is enabled on Google Container Cluster | GCP | Compliance Validation | HIGH |
| AC_GCP_0274 | Ensure OSLogin is enabled for centralized SSH key pair management using Google Project | GCP | Identity and Access Management | MEDIUM |
| AC_GCP_0275 | Ensure multi-factor authentication is enabled for Google Compute Project Metadata | GCP | Security Best Practices | LOW |
| AC_AZURE_0021 | Ensure Soft Delete is Enabled for Azure Containers and Blob Storage | Azure | Data Protection | MEDIUM |
| AC_AZURE_0061 | Ensure that SSH access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0062 | Ensure that RDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0191 | Ensure Web App is using the latest version of TLS encryption | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0232 | Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible | Azure | Infrastructure Security | HIGH |
| AC_AWS_0137 | Eliminate use of the root user for administrative and daily tasks | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0589 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
| AC_K8S_0062 | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0063 | Ensure that the --peer-auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AZURE_0332 | Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
| AC_GCP_0336 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
| AC_AWS_0036 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
| AC_AZURE_0574 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AWS_0226 | Ensure secrets should be auto-rotated after not more than 90 days | AWS | Compliance Validation | HIGH |
| AC_AWS_0470 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0418 | Ensure that Network Watcher is 'Enabled' | Azure | Logging and Monitoring | HIGH |
| AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
| AC_GCP_0038 | Ensure default setting for OSLogin is not overridden by Google Compute Instance | GCP | Identity and Access Management | LOW |
| AC_K8S_0054 | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0130 | Ensure that the --profiling argument is set to false | Kubernetes | Compliance Validation | MEDIUM |
| S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
| AC_GCP_0358 | Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | GCP | Logging and Monitoring | LOW |
| AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |
| AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
| AC_GCP_0278 | Ensure Oslogin Is Enabled for a Project - google_compute_instance | GCP | Security Best Practices | LOW |
| AC_AZURE_0248 | Ensure That 'PHP version' is the Latest, If Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_GCP_0296 | Ensure Container-Optimized OS (cos_containerd) is used for GKE node images | GCP | Compliance Validation | LOW |
| AC_GCP_0016 | Ensure container-optimized OS (COS) is used for Google Container Node Pool | GCP | Compliance Validation | LOW |
| AC_GCP_0229 | Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | GCP | Data Protection | MEDIUM |
| AC_GCP_0230 | Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | GCP | Identity and Access Management | HIGH |
| AC_GCP_0258 | Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
| AC_GCP_0259 | Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
| AC_AWS_0596 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
| AC_AZURE_0323 | Ensure that Microsoft Defender for Kubernetes is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AWS_0230 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0427 | Ensure hardware MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
| AC_GCP_0040 | Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | Identity and Access Management | HIGH |
| AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
| AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
| AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
