AC_GCP_0168 | Ensure Unencrypted Mongo Instances (TCP:27017) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0172 | Ensure Unencrypted Memcached Instances (UDP:11211) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0174 | Ensure Unencrypted Memcached Instances (TCP:11211) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0175 | Ensure Unencrypted Memcached Instances (TCP:11211) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0176 | Ensure Unencrypted Memcached Instances (TCP:11211) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0178 | Ensure Elastic Search (TCP:9300) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0189 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0194 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0198 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0205 | Ensure Oracle DB (TCP:2483) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0215 | Ensure LDAP (TCP:389) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0216 | Ensure LDAP (TCP:389) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0221 | Ensure Hadoop Name Node (TCP:9000) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0223 | Ensure Remote Desktop (TCP:3389) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
S3_AWS_0002 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
AC_GCP_0319 | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AWS_0434 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0054 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Infrastructure Security | HIGH |
AC_AWS_0510 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0513 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0516 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0519 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0520 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0521 | Ensure Cassandra Thrift (TCP:9160) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0525 | Ensure LDAP (TCP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0535 | Ensure Memcached SSL (UDP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0539 | Ensure Oracle DB (UDP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0543 | Ensure Redis without SSL (TCP:6379) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_K8S_0105 | Ensure use of creating Kubernetes rolebindings and attaching Kubernetes roles is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
AC_AZURE_0088 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0544 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0553 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0565 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0566 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0581 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_linux_web_app | Azure | Identity and Access Management | MEDIUM |
AC_AWS_0080 | Ensure EBS volume encryption is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0570 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0039 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0045 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0347 | Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging | GCP | Compliance Validation | LOW |
AC_AWS_0098 | Ensure Customer Managed Keys (CMK) are used for encryption of AWS Elastic File System (EFS) | AWS | Data Protection | HIGH |
AC_AWS_0197 | Ensure KMS customer managed key (CMK) for encryption of AWS Redshift clusters | AWS | Security Best Practices | HIGH |
AC_AWS_0198 | Ensure encryption is enabled for AWS Redshift clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0206 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets | AWS | Data Protection | HIGH |
AC_AWS_0275 | Ensure no security groups is wide open to public, that is, allows traffic from 0.0.0.0/0 to ALL ports and protocols | AWS | Infrastructure Security | HIGH |
AC_AZURE_0563 | Ensure Private Endpoints are used to access Storage Accounts | Azure | Data Protection | MEDIUM |