AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0081 | Ensure AWS EBS Volume has a corresponding AWS EBS Snapshot | AWS | Data Protection | HIGH |
AC_AWS_0096 | Ensure encryption is enabled for AWS EFS file systems | AWS | Data Protection | HIGH |
AC_AWS_0170 | Ensure there are no hard coded scripts used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0188 | Ensure deletion protection is enabled for Amazon Relational Database Service (Amazon RDS) clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0364 | Ensure server side encryption (SSE) is enabled for Amazon Simple Notification Service (SNS) Topic | AWS | Data Protection | MEDIUM |
AC_AWS_0374 | Ensure data encryption is enabled for AWS X-Ray | AWS | Data Protection | HIGH |
AC_AWS_0375 | Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0376 | Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tables | AWS | Data Protection | HIGH |
AC_AWS_0379 | Ensure all data stored is encrypted in-transit for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0380 | Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0465 | Ensure secrets are encrypted using AWS KMS key for AWS Secrets Manager | AWS | Data Protection | MEDIUM |
AC_AWS_0576 | Ensure private subnets are not used to deploy AWS NAT Gateways | AWS | Data Protection | HIGH |
AC_AZURE_0066 | Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0155 | Ensure encryption is configured for Azure Kubernetes Cluster using a customer managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0168 | Ensure access level is set to 'Read' for Azure Managed Disk SAS Token | Azure | Data Protection | MEDIUM |
AC_AZURE_0214 | Ensure Azure Keyvaults are used to store secrets | Azure | Data Protection | LOW |
AC_AZURE_0228 | Ensure that customer managed key is used for encryption for Azure Container Registry | Azure | Data Protection | MEDIUM |
AC_AZURE_0298 | Ensure that Azure Data Explorer uses double encryption in Azure Kusto Cluster | Azure | Data Protection | MEDIUM |
AC_AZURE_0318 | Ensure that integer variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0323 | Ensure that Microsoft Defender for Kubernetes is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0347 | Ensure that automatic failover is enabled for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0554 | Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' | Azure | Data Protection | LOW |
AC_GCP_0283 | Ensure KMS customer managed keys are used in Google Dataflow Job | GCP | Data Protection | MEDIUM |
AC_K8S_0054 | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_AWS_0048 | Ensure Elastic Block Store (EBS) volumes are encrypted through AWS Config | AWS | Data Protection | MEDIUM |
AC_AWS_0072 | Ensure backup retention period is set according to best practice for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0073 | Ensure KMS customer managed keys are used for encryption of AWS DocumentDB Clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0080 | Ensure EBS volume encryption is enabled | AWS | Data Protection | HIGH |
AC_AWS_0166 | Ensure at-rest data encryption is enabled for AWS ECS clusters | AWS | Data Protection | LOW |
AC_AWS_0167 | Ensure at-rest data encryption is enabled for AWS EBS Root Block cluster | AWS | Data Protection | HIGH |
AC_AWS_0169 | Ensure there are no URL references used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0182 | Ensure storage encryption is enabled for AWS Neptune cluster | AWS | Data Protection | HIGH |
AC_AWS_0185 | Ensure external principals are allowed for AWS RAM resources | AWS | Data Protection | MEDIUM |
AC_AWS_0371 | Ensure user volumes are encrypted for the AWS Workspaces | AWS | Data Protection | MEDIUM |
AC_AWS_0394 | Ensure secure ciphers are used for AWS CloudFront distribution | AWS | Data Protection | HIGH |
AC_AWS_0461 | Ensure AWS ECR Repository uses KMS for server-side encryption | AWS | Data Protection | MEDIUM |
AC_AWS_0591 | Ensure EBS Volume Encryption is Enabled in all Regions | AWS | Data Protection | HIGH |
AC_AWS_0616 | Ensure Code Signing is enabled for AWS Lambda functions | AWS | Data Protection | HIGH |
AC_AZURE_0079 | Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) | Azure | Data Protection | MEDIUM |
AC_AZURE_0152 | Ensure disk encryption is enabled for Azure Linux Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0167 | Ensure the Key Vault is Recoverable | Azure | Data Protection | MEDIUM |
AC_AZURE_0284 | Ensure that 'Unattached disks' are encrypted with CMK | Azure | Data Protection | MEDIUM |
AC_AZURE_0349 | Ensure disk encryption is enabled for Azure Windows Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
AC_AZURE_0379 | Ensure data encryption is enabled for Azure Synapse SQL Pool | Azure | Data Protection | MEDIUM |
AC_AZURE_0557 | Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
AC_GCP_0313 | Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | GCP | Data Protection | MEDIUM |
AC_K8S_0020 | Ensure kube-controller-manager (affected versions of kube-controller-manager: v1.18.0, v1.17.0 - v1.17.4, v1.16.0 - v1.16.8, and v1.15.11) are not vulnerable to CVE-2020-8555 | Kubernetes | Data Protection | MEDIUM |