AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
AC_AZURE_0114 | Ensure HTTPS is enabled for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0117 | Ensure managed identity is used in Azure Windows Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0123 | Ensure managed identity is used in Azure Linux Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0175 | Ensure Azure RBAC (role-based access control) is used to control access to resources for Azure Function App | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0186 | Ensure that admin user is disabled for Azure Container Registry | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0188 | Ensure end-to-end TLS is enabled to encrypt and securely transmit sensitive data to the backend for Azure Application Gateway | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0405 | Ensure admin auth is properly setup for Azure PostgreSQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0589 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0603 | Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) Instance | AWS | Compliance Validation | MEDIUM |
AC_K8S_0093 | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0116 | Ensure Kubernetes Network policy attached to a pod have Ingress/Egress blocks specified | Kubernetes | Infrastructure Security | MEDIUM |
AC_AWS_0151 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
AC_AWS_0585 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0017 | Ensure egress filter is set as 'DROP_ALL' for AWS Application Mesh | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0087 | Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0088 | Ensure Amazon Elastic Container Service (ECS) clusters are placed in a VPC | AWS | Infrastructure Security | HIGH |
AC_AWS_0139 | Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AWS_0203 | Ensure Enhanced VPC routing should be enabled for AWS Redshift Clusters | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0225 | Ensure network isolation is enabled for AWS SageMaker | AWS | Security Best Practices | MEDIUM |
AC_AZURE_0105 | Ensure that the attribute 'vulnerable_tls_cipher_suite' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0106 | Ensure that the attribute 'acr_authentication' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0107 | Ensure that the attribute 'baseline' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0145 | Ensure ingestion is not supported over public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0196 | Ensure that IP restrictions rules are configured for Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0252 | Ensure public IP addresses are disabled in Azure Databricks Workspaces | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0263 | Ensure public network access is disabled for Azure Batch Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0300 | Ensure virtual network is used to deploy Azure Container Group | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0309 | Ensure default network access rule is set to deny in Azure Storage Account Network Rules | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0316 | Ensure public network access disabled for Azure CosmosDB Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0321 | Ensure public access is disabled for Azure Managed Disk | Azure | Infrastructure Security | HIGH |
AC_GCP_0242 | Ensure default service account is not used for project access in Google Container Cluster | GCP | Security Best Practices | HIGH |
AC_GCP_0265 | Ensure sharing of service account credentials is restricted using Google Service Account | GCP | Security Best Practices | MEDIUM |
AC_GCP_0302 | Ensure security rule is configured for protection against Apache Log4j2 in Google Compute Security Policy | GCP | Infrastructure Security | HIGH |
AC_K8S_0122 | Ensure DENY-with-negative-matching exist for Istio Authorization Object | Kubernetes | Infrastructure Security | MEDIUM |
AC_AWS_0007 | Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0420 | Ensure there is no policy with Empty array Condition | AWS | Identity and Access Management | LOW |
AC_AZURE_0171 | Ensure zone resiliency is turned on for all Azure Image | Azure | Resilience | LOW |
AC_AZURE_0181 | Ensure Azure services are zone redundant for Azure Eventhub Namespace | Azure | Resilience | MEDIUM |
AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0076 | Ensure point-in-time-recovery (PITR) is enabled for AWS DynamoDB tables | AWS | Resilience | MEDIUM |
AC_AWS_0153 | Ensure virtual private cloud (VPC) is configured for AWS EC2 instances | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0215 | Ensure bucket policy is enforced with least privileges for all AWS S3 buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0227 | Ensure Security Groups do not have unrestricted specific ports open - (SSH,22) | AWS | Infrastructure Security | HIGH |
AC_AWS_0229 | Ensure Security Groups do not have unrestricted specific ports open - (HTTPS,443) | AWS | Infrastructure Security | LOW |
AC_AWS_0236 | Ensure Security Groups do not have unrestricted specific ports open - SaltStack Master (TCP,4506) | AWS | Infrastructure Security | HIGH |
AC_AWS_0237 | Ensure Security Groups do not have unrestricted specific ports open - CIFS / SMB (TCP,3020) | AWS | Infrastructure Security | HIGH |
AC_AWS_0238 | Ensure Security Groups do not have unrestricted specific ports open - Cassandra OpsCenter agent (TCP,61621) | AWS | Infrastructure Security | HIGH |
AC_AWS_0242 | Ensure Security Groups do not have unrestricted specific ports open - Known internal web port (TCP,8080) | AWS | Infrastructure Security | HIGH |
AC_AWS_0256 | Ensure Security Groups do not have unrestricted specific ports open - NetBIOS Datagram Service (TCP,138) | AWS | Infrastructure Security | HIGH |