AC_GCP_0169 | Ensure Unencrypted Mongo Instances (TCP:27017) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0182 | Ensure Elastic Search (TCP:9200) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0184 | Ensure Cassandra Thrift (TCP:9160) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0186 | Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0196 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0197 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0209 | Ensure Oracle DB (TCP:1521) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0211 | Ensure LDAP (UDP:389) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0214 | Ensure LDAP (TCP:389) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0218 | Ensure CiscoSecure, Websm (TCP:9090) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_AWS_0157 | Ensure KMS customer managed keys are used for encryption in AWS Kinesis Streams | AWS | Data Protection | HIGH |
AC_AWS_0429 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets | AWS | Data Protection | HIGH |
AC_AWS_0547 | Ensure there is an encrypted connection between AWS CloudFront server and Origin server | AWS | Data Protection | HIGH |
AC_K8S_0025 | Ensure default name space is not in use in Kubernetes Namespace | Kubernetes | Security Best Practices | LOW |
AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0006 | Ensure Amazon Machine Image (AMI) is not shared among multiple accounts | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
AC_AWS_0070 | Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instances | AWS | Security Best Practices | MEDIUM |
AC_AWS_0109 | Ensure latest version of elasticsearch engine is used for AWS ElasticSearch Domains | AWS | Compliance Validation | MEDIUM |
AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0178 | Ensure customer owned KMS key is used for encrypting AWS MQ Brokers | AWS | Data Protection | HIGH |
AC_AWS_0451 | Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log Group | AWS | Data Protection | HIGH |
AC_AWS_0460 | Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery Stream | AWS | Data Protection | HIGH |
AC_AZURE_0134 | Ensure that minimum TLS version is set to 1.2 for Azure MSSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0224 | Ensure latest TLS/SSL version is in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0360 | Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
AC_GCP_0016 | Ensure container-optimized OS (COS) is used for Google Container Node Pool | GCP | Compliance Validation | LOW |
AC_GCP_0289 | Ensure cloud instance snapshots are encrypted through Google Compute Snapshot | GCP | Data Protection | MEDIUM |
AC_AZURE_0114 | Ensure HTTPS is enabled for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0188 | Ensure end-to-end TLS is enabled to encrypt and securely transmit sensitive data to the backend for Azure Application Gateway | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0589 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0270 | Ensure Security Groups do not have unrestricted specific ports open - Oracle Database Server (TCP,1521) | AWS | Infrastructure Security | HIGH |
AC_AWS_0311 | Ensure Cassandra Client (TCP:9042) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0362 | Ensure MongoDB' (TCP,27017) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0511 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0512 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0518 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0522 | Ensure Cassandra Thrift (TCP:9160) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0541 | Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0121 | Ensure HTTPS is enabled for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0125 | Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0211 | Ensure AWS S3 Buckets are not listable for Authenticated users group | AWS | Identity and Access Management | HIGH |
AC_AWS_0017 | Ensure egress filter is set as 'DROP_ALL' for AWS Application Mesh | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0087 | Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0088 | Ensure Amazon Elastic Container Service (ECS) clusters are placed in a VPC | AWS | Infrastructure Security | HIGH |
AC_AWS_0203 | Ensure Enhanced VPC routing should be enabled for AWS Redshift Clusters | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0225 | Ensure network isolation is enabled for AWS SageMaker | AWS | Security Best Practices | MEDIUM |