Rule ID | Policy | Provider | Category | Severity |
AC_AWS_0218 | Ensure 'allow delete actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
AC_AWS_0385 | Ensure public access is disabled for Amazon Simple Notification Service (SNS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0411 | Ensure there is no IAM policy with empty SID value | AWS | Identity and Access Management | LOW |
AC_AWS_0416 | Ensure there is no IAM policy with a condition element having ForAnyValue Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0421 | Ensure there is no IAM policy with empty array resource | AWS | Identity and Access Management | LOW |
AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0475 | Ensure redundant resources are not used for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
AC_AWS_0491 | Ensure the CloudTrail-created SNS policy has a condition element using either the aws:SourceArn or the aws:SourceAccount condition key for the Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0554 | Ensure there is only one active access key available for any single IAM user | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0187 | Ensure user IDs are all system managed for Azure Container Group | Azure | Identity and Access Management | LOW |
AC_AZURE_0205 | Ensure cross account access is disabled for Azure SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0237 | Ensure that the VA setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0366 | Ensure that 'Public access level' is set to Private for blob containers | Azure | Identity and Access Management | HIGH |
AC_GCP_0004 | Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account | GCP | Identity and Access Management | LOW |
AC_GCP_0005 | Ensure That Service Account Has No Admin Privileges - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0006 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0008 | Ensure that corporate login credentials are used | GCP | Identity and Access Management | LOW |
AC_GCP_0028 | Ensure Legacy Authorization (ABAC) is Disabled | GCP | Identity and Access Management | HIGH |
AC_GCP_0040 | Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | Identity and Access Management | HIGH |
AC_GCP_0230 | Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | GCP | Identity and Access Management | HIGH |
AC_GCP_0245 | Ensure IAM roles do not impersonate or manage service accounts through Google Folder IAM Binding | GCP | Identity and Access Management | LOW |
AC_GCP_0268 | Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer | GCP | Identity and Access Management | LOW |
AC_K8S_0007 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0073 | Ensure AppArmor profile is not set to runtime/default in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0077 | Ensure 'procMount' is set to default in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0081 | Ensure only allowed volume types are mounted for all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0087 | Minimize the admission of root containers | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0103 | Minimize access to create pods | Kubernetes | Identity and Access Management | HIGH |
S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
AC_AWS_0028 | Ensure IAM policies with wildcard (*) resource and NotAction are not attached or used | AWS | Identity and Access Management | HIGH |
AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0118 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0144 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached | AWS | Identity and Access Management | HIGH |
AC_AWS_0146 | Ensure IAM policies that allow full administrative privileges are not created and attached inline to a role | AWS | Identity and Access Management | HIGH |
AC_AWS_0195 | Ensure policy with iam:Passrole/* action and NotResource attributes is not used | AWS | Identity and Access Management | HIGH |
AC_AWS_0212 | Ensure there are no publicly writable and readable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0213 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached with control tower | AWS | Identity and Access Management | LOW |
AC_AWS_0217 | Ensure 'allow all actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0220 | Ensure 'allow list actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0222 | Ensure 'allow put or restore actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0365 | Ensure Amazon Simple Queue Service (SQS) is not exposed to public | AWS | Identity and Access Management | HIGH |
AC_AWS_0403 | Ensure that an API key is required on a method request for AWS API Gateway Method | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0415 | Ensure there is no IAM policy with a condition element having ForAllValues Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |