AC_AZURE_0143 | Ensure that 'Unattached disks' are encrypted in Azure Managed Disk | Azure | Data Protection | MEDIUM |
AC_AZURE_0179 | Ensure CORS is tightly controlled and managed for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0244 | Ensure remote debugging is turned off for Azure App Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0280 | Ensure accessibility is restricted up to 256 hosts in Azure SQL Firewall Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0390 | Ensure accessibility is restricted to 256 hosts for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0020 | Ensure private cluster is enabled for Google Container Cluster | GCP | Infrastructure Security | HIGH |
AC_AWS_0502 | Ensure valid account number format is used in Amazon Simple Notification Service (SNS) Topic | AWS | Security Best Practices | LOW |
AC_AZURE_0279 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
AC_AWS_0204 | Ensure CloudWatch logging is enabled for AWS Route53 hosted zones | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0387 | Ensure that access policy does not allow anonymous access for AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AWS_0035 | Ensure Amazon Simple Notification Service (SNS) topic is defined for notifying log file delivery for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
S3_AWS_0011 | Ensure there are no world-listable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AZURE_0161 | Ensure that kubernetes dashboard is disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0177 | Ensure latest TLS version is in use for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0178 | Ensure HTTPS is enabled for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0249 | Ensure that '.Net Framework' version is the latest in Azure App Service | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0386 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0388 | Ensure guest users are disabled for Azure Role Assignment | Azure | Identity and Access Management | HIGH |
AC_AZURE_0400 | Ensure TLS connection is enabled for Azure PostgreSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
AC_AWS_0221 | Ensure 'allow put actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0413 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0200 | Ensure audit logging feature is enabled for AWS Redshift clusters | AWS | Logging and Monitoring | LOW |
AC_AWS_0205 | Ensure record sets are configured for AWS Route53HostedZones | AWS | Logging and Monitoring | HIGH |
AC_AZURE_0403 | Ensure email addresses are setup for Azure PostgreSQL Server | Azure | Compliance Validation | LOW |
AC_AWS_0161 | Ensure deletion window for Customer Managed Keys (CMK) is enabled for AWS Key Management Service (KMS) | AWS | Security Best Practices | HIGH |
AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0158 | Ensure sufficient data retention period is set for AWS Kinesis Streams | AWS | Resilience | MEDIUM |
AC_AZURE_0371 | Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
AC_GCP_0292 | Ensure that SSH access is restricted from the internet | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0293 | Ensure that SSH access is restricted from the internet | GCP | Infrastructure Security | LOW |
AC_AWS_0420 | Ensure there is no policy with Empty array Condition | AWS | Identity and Access Management | LOW |
AC_AZURE_0270 | Ensure CIFS / SMB (TCP:3020) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0273 | Ensure Cassandra (TCP:7001) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0274 | Ensure Cassandra (TCP:7001) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0275 | Ensure Cassandra (TCP:7001) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0377 | Ensure usage of names like 'Admin' are avoided for Azure SQL Server | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0378 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_AZURE_0424 | Ensure VNC Server (TCP:5900) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0428 | Ensure Telnet (TCP:23) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0431 | Ensure SaltStack Master (TCP:4506) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0436 | Ensure SaltStack Master (TCP:4505) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0438 | Ensure SQL Server Analysis (TCP:2383) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0443 | Ensure SNMP (Udp:161) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0453 | Ensure web port (TCP:3000) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0461 | Ensure POP3 (TCP:110) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0462 | Ensure POP3 (TCP:110) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0468 | Ensure Oracle DB SSL (TCP:2484) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |