| S3_AWS_0001 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
| AC_AWS_0096 | Ensure encryption is enabled for AWS EFS file systems | AWS | Data Protection | HIGH |
| AC_AWS_0317 | Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
| AC_AWS_0318 | Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
| AC_AWS_0370 | Ensure default VPC is not used for AWS VPC | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0509 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0514 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0517 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0528 | Ensure LDAP (UDP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0529 | Ensure LDAP (UDP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0534 | Ensure Memcached SSL (UDP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0544 | Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_K8S_0108 | Ensure Kubernetes rolebindings with get and patch Kubernetes roles are minimized in Kubernetes Role | Kubernetes | Identity and Access Management | MEDIUM |
| AC_AWS_0233 | Ensure Cassandra Client (TCP:9042) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0508 | Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0523 | Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0524 | Ensure LDAP (TCP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0526 | Ensure LDAP (TCP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0530 | Ensure Memcached SSL (TCP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0531 | Ensure Memcached SSL (TCP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0532 | Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0536 | Ensure Oracle DB (TCP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0537 | Ensure Oracle DB (TCP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0540 | Ensure Oracle DB (UDP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_K8S_0078 | Ensure 'readOnlyRootFileSystem' is set to true in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0014 | Ensure Kubernetes Network policy does not allow ingress from public IPs to query DNS | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0015 | Ensure Kubernetes Network policy does not allow ingress from public IPs to SSH | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0016 | Ensure Kubernetes Network policy does not allow ingress from public IPs to access sql servers | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0017 | Ensure Kubernetes Network policy does not allow ingress from public IPs to access Redis servers | Kubernetes | Infrastructure Security | HIGH |
| AC_AWS_0193 | Ensure Auto Minor Version Upgrade feature is Enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0610 | Ensure no security groups allow ingress from ::/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0212 | Ensure there are no publicly writeable and readable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0394 | Ensure only SSL connections are enabled for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
| AC_AWS_0207 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
| AC_K8S_0059 | Ensure that the --client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0019 | Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0556 | Ensure That No Custom Subscription Administrator Roles Exist | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0100 | Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
| AC_GCP_0132 | Ensure 'log_duration' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
| AC_GCP_0256 | Ensure that the 'log_temp_files' database flag for Cloud SQL PostgreSQL instance is set to '0' (on) | GCP | Compliance Validation | LOW |
| AC_GCP_0298 | Ensure 'log_executor_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
| S3_AWS_0017 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0065 | Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hosts | AWS | Infrastructure Security | HIGH |
| AC_AWS_0066 | Ensure Amazon Relational Database Service (Amazon RDS) instances do not have public interface defined | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0560 | Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_GCP_0240 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
| AC_GCP_0005 | Ensure That Service Account Has No Admin Privileges - google_project_iam_member | GCP | Identity and Access Management | HIGH |
| AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
