| AC_AWS_0603 | Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) Instance | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
| AC_AWS_0605 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0606 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
| AC_AWS_0607 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
| AC_AWS_0608 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0610 | Ensure no security groups allow ingress from ::/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0611 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0612 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
| AC_AWS_0613 | Ensure AWS Lambda function is configured with a Dead Letter Queue | AWS | Logging and Monitoring | LOW |
| AC_AWS_0614 | Ensure AWS Lambda Functions have associated tags | AWS | Compliance Validation | LOW |
| AC_AWS_0615 | Ensure AWS Lambda functions are configured to use provisioned concurrency | AWS | Resilience | LOW |
| AC_AWS_0616 | Ensure Code Signing is enabled for AWS Lambda functions | AWS | Data Protection | HIGH |
| AC_AWS_0618 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0620 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
| AC_AWS_0626 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0627 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0628 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0631 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0632 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0633 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0634 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
| AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
| S3_AWS_0001 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
| S3_AWS_0002 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
| S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
| S3_AWS_0004 | Ensure versioning is enabled for AWS S3 Buckets - Terraform Version 1.x | AWS | Resilience | HIGH |
| S3_AWS_0005 | Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| S3_AWS_0006 | Ensure bucket policy is enforced with least privileges for all AWS S3 buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0007 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
| S3_AWS_0008 | Ensure that Object-level logging for write events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0010 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
| S3_AWS_0011 | Ensure there are no world-listable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0012 | Ensure AWS S3 Buckets are not world-listable for anonymous users - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0013 | Ensure there are no world-writeable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0014 | Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
| S3_AWS_0016 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| S3_AWS_0017 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
