AC_GCP_0150 | Ensure Oracle DB SSL (TCP:2484) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0159 | Ensure LDAP SSL (TCP:636) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0162 | Ensure MSSQL Debugger (TCP:135) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0164 | Ensure MSSQL Debugger (TCP:135) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0167 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0171 | Ensure Unencrypted Memcached Instances (UDP:11211) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0173 | Ensure Unencrypted Memcached Instances (UDP:11211) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0177 | Ensure Elastic Search (TCP:9300) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0180 | Ensure Elastic Search (TCP:9200) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0185 | Ensure Cassandra Thrift (TCP:9160) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0187 | Ensure Cassandra Client (TCP:9042) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0202 | Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0203 | Ensure Oracle DB (UDP:2483) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0204 | Ensure Oracle DB (UDP:2483) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0206 | Ensure Oracle DB (TCP:2483) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0207 | Ensure Oracle DB (TCP:2483) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0208 | Ensure Oracle DB (TCP:1521) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0210 | Ensure Oracle DB (TCP:1521) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0220 | Ensure Hadoop Name Node (TCP:9000) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0226 | Ensure FTP (TCP:20) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0227 | Ensure FTP (TCP:20) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0235 | Ensure encryption is enabled for Google Cloud Storage Buckets | GCP | Infrastructure Security | MEDIUM |
AC_AWS_0096 | Ensure encryption is enabled for AWS EFS file systems | AWS | Data Protection | HIGH |
AC_AWS_0317 | Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0318 | Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0370 | Ensure default VPC is not used for AWS VPC | AWS | Security Best Practices | MEDIUM |
AC_AWS_0509 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0514 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0517 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0528 | Ensure LDAP (UDP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0529 | Ensure LDAP (UDP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0534 | Ensure Memcached SSL (UDP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0544 | Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_K8S_0108 | Ensure Kubernetes rolebindings with get and patch Kubernetes roles are minimized in Kubernetes Role | Kubernetes | Identity and Access Management | MEDIUM |
AC_AWS_0566 | Ensure a log metric filter and alarm exist for AWS Config configuration changes | AWS | Security Best Practices | HIGH |
AC_AWS_0587 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
AC_AWS_0591 | Ensure EBS Volume Encryption is Enabled in all Regions | AWS | Data Protection | HIGH |
AC_AZURE_0025 | Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
AC_AZURE_0060 | Ensure that UDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
AC_AZURE_0562 | Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | HIGH |
AC_AZURE_0567 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0568 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_linux_web_app | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0582 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_windows_web_app | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0262 | Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured | GCP | Compliance Validation | LOW |
AC_GCP_0263 | Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges | GCP | Compliance Validation | LOW |
AC_GCP_0273 | Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0279 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0306 | Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0309 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0310 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes | GCP | Logging and Monitoring | MEDIUM |