AC_AWS_0016 | Ensure Auto-scaling is configured for both index and tables in AWS DynamoDB | AWS | Compliance Validation | MEDIUM |
AC_AWS_0084 | Ensure public repositories are disabled for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | HIGH |
AC_AWS_0087 | Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0088 | Ensure Amazon Elastic Container Service (ECS) clusters are placed in a VPC | AWS | Infrastructure Security | HIGH |
AC_AWS_0153 | Ensure virtual private cloud (VPC) is configured for AWS EC2 instances | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0154 | Ensure IMDSv1 is disabled for AWS EC2 instances | AWS | Infrastructure Security | HIGH |
AC_AWS_0170 | Ensure there are no hard coded scripts used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0430 | Ensure there are no unnamed AWS EC2 instances | AWS | Compliance Validation | LOW |
AC_AWS_0456 | Ensure IMDSv1 is disabled for AWS EC2 instances in AWS Launch Configuration | AWS | Infrastructure Security | HIGH |
AC_AWS_0463 | Ensure Transit Encryption is enabled for Amazon Elastic Container Service (ECS) Task Definition using Elastic File System (EFS) Volumes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0505 | Ensure valid account number format is used in Amazon Elastic Container Registry (Amazon ECR) | AWS | Security Best Practices | LOW |
AC_AZURE_0151 | Ensure LinuxDiagnostic is enabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0155 | Ensure encryption is configured for Azure Kubernetes Cluster using a customer managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0157 | Ensure that pod security policy is enabled for Azure Kubernetes Cluster | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0173 | Ensure 'ReadOnly' cache is enabled on Data disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
AC_AZURE_0186 | Ensure that admin user is disabled for Azure Container Registry | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0228 | Ensure that customer managed key is used for encryption for Azure Container Registry | Azure | Data Protection | MEDIUM |
AC_AZURE_0269 | Ensure that Accelerated Networking feature is enabled for Azure virtual machines (VMs) | Azure | Compliance Validation | LOW |
AC_AZURE_0288 | Ensure password authentication is disabled for Azure Linux Virtual Machine | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0300 | Ensure virtual network is used to deploy Azure Container Group | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0306 | Ensure that Active Directory is used for authentication for Azure Service Fabric Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0356 | Ensure every subnet block is configured with a Network Security Group in Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0363 | Ensure SSH keys are used to auth Azure Virtual Machine | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0369 | Ensure that VM agent is installed on Azure Virtual Machine | Azure | Compliance Validation | LOW |
AC_GCP_0021 | Ensure basic authentication is disabled on Google Container Cluster | GCP | Identity and Access Management | HIGH |
AC_GCP_0231 | Enable VPC Flow Logs and Intranode Visibility | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0242 | Ensure default service account is not used for project access in Google Container Cluster | GCP | Security Best Practices | HIGH |
AC_GCP_0290 | Ensure master authorized networks config block is set for Google Container Cluster | GCP | Infrastructure Security | LOW |
AC_GCP_0302 | Ensure security rule is configured for protection against Apache Log4j2 in Google Compute Security Policy | GCP | Infrastructure Security | HIGH |
AC_GCP_0368 | Ensure Logging is enabled for HTTP(S) Load Balancer | GCP | Security Best Practices | MEDIUM |
AC_GCP_0371 | Ensure That the Default Network Does Not Exist in a Project - google_compute_network | GCP | Infrastructure Security | LOW |
AC_K8S_0024 | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0029 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0035 | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0045 | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0054 | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0065 | Ensure that a unique Certificate Authority is used for etcd | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0066 | Ensure that a minimal audit policy is created | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0080 | Ensure that the seccomp profile is set to docker/default in pod definitions | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0083 | Minimize the admission of containers wishing to share the host IPC namespace | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0085 | Minimize the admission of containers with allowPrivilegeEscalation | Kubernetes | Compliance Validation | HIGH |
AC_K8S_0089 | Ensure that the Anonymous Auth is Not Enabled | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0091 | Ensure that the --token-auth-file parameter is not set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0092 | Ensure that the --kubelet-https argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0095 | Ensure that the --authorization-mode argument includes Node | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0128 | Minimize the admission of containers with added capabilities | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0130 | Ensure that the --profiling argument is set to false | Kubernetes | Compliance Validation | MEDIUM |
AC_AWS_0086 | Ensure container insights are enabled for Amazon Elastic Container Service (ECS) clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0089 | Ensure potential DATABASE information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |