AC_AWS_0136 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
AC_AWS_0631 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
AC_GCP_0006 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0008 | Ensure that corporate login credentials are used | GCP | Identity and Access Management | LOW |
AC_K8S_0078 | Ensure 'readOnlyRootFileSystem' is set to true in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
AC_AWS_0172 | Ensure recommended SSL/TLS protocol version is used for AWS Elastic Load Balancers (ELB) | AWS | Infrastructure Security | HIGH |
AC_AWS_0233 | Ensure Cassandra Client (TCP:9042) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0508 | Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0523 | Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0524 | Ensure LDAP (TCP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0526 | Ensure LDAP (TCP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0530 | Ensure Memcached SSL (TCP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0531 | Ensure Memcached SSL (TCP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0532 | Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0536 | Ensure Oracle DB (TCP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0537 | Ensure Oracle DB (TCP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0540 | Ensure Oracle DB (UDP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0633 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0210 | Ensure that Diagnostic Logs Are Enabled for All Services that Support it | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0370 | Ensure Instance IP assignment is set to private | GCP | Compliance Validation | LOW |
AC_K8S_0043 | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0096 | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0131 | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | Compliance Validation | MEDIUM |
S3_AWS_0016 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
AC_AZURE_0394 | Ensure only SSL connections are enabled for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0212 | Ensure there are no publicly writeable and readable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AZURE_0414 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0101 | Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0254 | Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0046 | Ensure 'Additional email addresses' is Configured with a Security Contact Email | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0337 | Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0560 | Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_GCP_0240 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
AC_AWS_0065 | Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hosts | AWS | Infrastructure Security | HIGH |
AC_AWS_0066 | Ensure Amazon Relational Database Service (Amazon RDS) instances do not have public interface defined | AWS | Infrastructure Security | HIGH |
AC_AWS_0135 | Ensure IAM password policy requires at least one uppercase letter | AWS | Compliance Validation | MEDIUM |
AC_AWS_0394 | Ensure secure ciphers are used for AWS CloudFront distribution | AWS | Data Protection | HIGH |
AC_AZURE_0366 | Ensure that 'Public access level' is set to Private for blob containers | Azure | Identity and Access Management | HIGH |
AC_GCP_0224 | Ensure Remote Desktop (TCP:3389) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_K8S_0034 | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_AZURE_0419 | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Azure | Resilience | MEDIUM |
AC_AZURE_0028 | Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | Azure | Data Protection | HIGH |
AC_AZURE_0059 | Ensure that HTTP(S) access from the Internet is evaluated and restricted | Azure | Infrastructure Security | LOW |
AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0330 | Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0370 | Ensure that 'Public access level' is disabled for storage accounts with blob containers | Azure | Infrastructure Security | HIGH |
AC_K8S_0061 | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0093 | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |