AC_AZURE_0070 | Ensure that Activity Log Alert exists for Delete Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0071 | Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0069 | Ensure that Activity Log Alert exists for Create or Update Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0072 | Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0410 | Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0045 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0046 | Ensure 'Additional email addresses' is Configured with a Security Contact Email | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0375 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Compliance Validation | LOW |
AC_AZURE_0376 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0028 | Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | Azure | Data Protection | HIGH |
AC_AZURE_0059 | Ensure that HTTP(S) access from the Internet is evaluated and restricted | Azure | Infrastructure Security | LOW |
AC_AZURE_0370 | Ensure that 'Public access level' is disabled for storage accounts with blob containers | Azure | Infrastructure Security | HIGH |
AC_AZURE_0047 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0339 | Ensure that Activity Log Alert exists for Create or Update Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0344 | Ensure that Activity Log Alert exists for Delete Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0241 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_AZURE_0409 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0555 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0590 | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
AC_AZURE_0572 | Ensure Web App is using the latest version of TLS encryption - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0575 | Ensure Web App is using the latest version of TLS encryption - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0242 | Ensure Diagnostic Setting captures appropriate categories | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0333 | Ensure that Activity Log Alert exists for Delete Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0397 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Azure | Infrastructure Security | LOW |
AC_AZURE_0116 | Ensure FTP deployments are Disabled - azurerm_windows_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0334 | Ensure FTP deployments are Disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0372 | Ensure Default Network Access Rule for Storage Accounts is Set to Deny | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0571 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0584 | Ensure FTP deployments are Disabled - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
AC_AZURE_0194 | Ensure that Register with Azure Active Directory is enabled on App Service | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0569 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_app | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0412 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0085 | Ensure that logging for Azure Key Vault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_AZURE_0338 | Ensure that Activity Log Alert exists for Delete Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0343 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0396 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0585 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0562 | Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | HIGH |
AC_AZURE_0567 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0568 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_linux_web_app | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0060 | Ensure that UDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |