| AC_AWS_0065 | Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hosts | AWS | Infrastructure Security | HIGH |
| AC_AWS_0066 | Ensure Amazon Relational Database Service (Amazon RDS) instances do not have public interface defined | AWS | Infrastructure Security | HIGH |
| AC_AWS_0135 | Ensure IAM password policy requires at least one uppercase letter | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0394 | Ensure secure ciphers are used for AWS CloudFront distribution | AWS | Data Protection | HIGH |
| AC_AZURE_0560 | Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_GCP_0240 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
| AC_GCP_0296 | Ensure Container-Optimized OS (cos_containerd) is used for GKE node images | GCP | Compliance Validation | LOW |
| AC_K8S_0060 | Ensure that the --auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
| AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0419 | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Azure | Resilience | MEDIUM |
| AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
| AC_AZURE_0338 | Ensure that Activity Log Alert exists for Delete Security Solution | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0343 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0396 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0585 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
| AC_GCP_0319 | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
| AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
| AC_AZURE_0085 | Ensure that logging for Azure Key Vault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
| AC_AWS_0603 | Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) Instance | AWS | Compliance Validation | MEDIUM |
| AC_K8S_0093 | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0116 | Ensure Kubernetes Network policy attached to a pod have Ingress/Egress blocks specified | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AZURE_0264 | Ensure log profile is configured to capture all activities for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0265 | Ensure Secrets are not exposed in customData used in Azure Virtual Machine | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0291 | Ensure that logging to Azure Monitoring is configured for Azure Kubernetes Cluster | Azure | Logging and Monitoring | MEDIUM |
| AC_K8S_0050 | Ensure custom snippets annotations is not set to true for Ingress-nginx controller deployment's Kubernetes Config Map | Kubernetes | Security Best Practices | HIGH |
| AC_AWS_0095 | Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0121 | Ensure cross zone load balancing is enabled for AWS ELB | AWS | Resilience | MEDIUM |
| AC_AWS_0141 | Ensure password policy requires minimal length of 7 for AWS IAM Account Password Policy | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0168 | Ensure there are no hard coded keys used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
| AC_AWS_0184 | Ensure deletion protection is enabled for AWS QLDB Ledger | AWS | Resilience | MEDIUM |
| AC_AWS_0447 | Ensure image tag is immutable for Amazon Elastic Container Registry (Amazon ECR) Repository | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0457 | Ensure environment variables are protected using AWS KMS keys for AWS Lambda Functions | AWS | Data Protection | HIGH |
| AC_AWS_0458 | Ensure principal is defined for every IAM policy attached to AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0133 | Ensure notification email address is configured for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0159 | Ensure Azure Active Directory (Azure AD) has been enabled in Azure Kubernetes Cluster | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0172 | Ensure Hyper-V generation uses v2 for Azure Image | Azure | Data Protection | LOW |
| AC_AZURE_0183 | Ensure consistency level is NOT set to 'Eventual' for Azure CosmosDB Account | Azure | Security Best Practices | LOW |
| AC_AZURE_0192 | Ensure auditing and monitoring is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
| AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0544 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0553 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0565 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0566 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0581 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_linux_web_app | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0032 | Ensure Legacy Networks Do Not Exist for Older Projects | GCP | Infrastructure Security | LOW |
| AC_GCP_0037 | Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0261 | Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
| AC_GCP_0280 | Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets | GCP | Data Protection | MEDIUM |
| AC_GCP_0304 | Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) | GCP | Data Protection | MEDIUM |
