AC_GCP_0134 | Ensure That RDP Access Is Restricted From the Internet | GCP | Infrastructure Security | HIGH |
AC_GCP_0260 | Ensure That SSH Access Is Restricted From the Internet | GCP | Infrastructure Security | HIGH |
AC_AWS_0033 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
AC_AWS_0080 | Ensure EBS volume encryption is enabled | AWS | Data Protection | HIGH |
AC_AWS_0151 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
AC_AWS_0585 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0014 | Ensure That DNSSEC Is Enabled for Cloud DNS | GCP | Infrastructure Security | MEDIUM |
AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AWS_0582 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
AC_GCP_0039 | Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances | GCP | Infrastructure Security | LOW |
AC_GCP_0225 | Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
AC_GCP_0238 | Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible - google_storage_bucket_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0249 | Ensure That Cloud SQL Database Instances Do Not Have Public IPs | GCP | Compliance Validation | MEDIUM |
AC_GCP_0257 | Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1' (Disabled) | GCP | Compliance Validation | LOW |
AC_AZURE_0086 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0122 | Ensure FTP deployments are Disabled - azurerm_linux_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0131 | Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0573 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0583 | Ensure FTP deployments are Disabled - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0232 | Ensure That IP Forwarding Is Not Enabled on Instances | GCP | Infrastructure Security | MEDIUM |
AC_AWS_0608 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0605 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0167 | Ensure the Key Vault is Recoverable | Azure | Data Protection | MEDIUM |
AC_AZURE_0408 | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Azure | Infrastructure Security | HIGH |
AC_GCP_0033 | Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0099 | Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately | GCP | Compliance Validation | LOW |
AC_GCP_0299 | Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter | GCP | Compliance Validation | LOW |
AC_AWS_0038 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0626 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0612 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
AC_AWS_0627 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0634 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
AC_AWS_0140 | Ensure IAM password policy prevents password reuse | AWS | Compliance Validation | LOW |
AC_AWS_0144 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached | AWS | Identity and Access Management | HIGH |
AC_AWS_0594 | Ensure no 'root' user account access key exists | AWS | Identity and Access Management | HIGH |
AC_AWS_0601 | Ensure hardware MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
AC_AWS_0583 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |