AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
AC_AWS_0165 | Ensure environment variables do not use AWS secret keys, access keys, or access tokens for AWS Lambda Functions | AWS | Identity and Access Management | HIGH |
AC_AWS_0216 | Ensure AWS S3 Bucket object ownership is more restrictive | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0138 | Ensure geo-redundant backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
AC_AZURE_0150 | Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0187 | Ensure user id's are all system managed for Azure Container Group | Azure | Identity and Access Management | LOW |
AC_AZURE_0197 | Ensure custom script extensions are not used in Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0199 | Ensure HTTPS is allowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0200 | Ensure custom script extensions are not used in Azure Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0407 | Ensure geo-redundant backups are enabled for Azure PostgreSQL Server | Azure | Resilience | MEDIUM |
AC_AZURE_0548 | Ensure disk encryption is enabled for Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0551 | Ensure geo-redundant backups are enabled for Azure MySQL Flexible Server | Azure | Data Protection | HIGH |
AC_GCP_0272 | Ensure shielded nodes are enabled for all nodes in Google Container Cluster | GCP | Infrastructure Security | LOW |
AC_AWS_0200 | Ensure audit logging feature is enabled for AWS Redshift clusters | AWS | Logging and Monitoring | LOW |
AC_AWS_0205 | Ensure record sets are configured for AWS Route53HostedZones | AWS | Logging and Monitoring | HIGH |
AC_AZURE_0403 | Ensure email addresses are setup for Azure PostgreSQL Server | Azure | Compliance Validation | LOW |
AC_AZURE_0243 | Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0250 | Ensure integration service environment are used for deployment of Azure Logic App Workflow | Azure | Security Best Practices | LOW |
AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0277 | Ensure tags are associated with Azure CosmosDB Account | Azure | Compliance Validation | LOW |
AC_AZURE_0289 | Ensure HTTP application routing has been disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | HIGH |
AC_AZURE_0296 | Ensure that failed request tracing is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0540 | Ensure `force_password_change` is set to true for AzureAD User | Azure | Identity and Access Management | HIGH |
AC_GCP_0029 | Ensure stackdriver monitoring is enabled on Google Container Cluster | GCP | Logging and Monitoring | HIGH |
AC_K8S_0074 | Ensure kernel and system level calls are not configured in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0063 | Ensure delete protection is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Resilience | MEDIUM |
AC_AWS_0073 | Ensure KMS customer managed keys are used for encryption of AWS DocumentDB Clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0074 | Ensure log export is enabled for AWS DocumentDB clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0077 | Ensure read-write capacities are reserved for AWS DynamoDB tables | AWS | Compliance Validation | MEDIUM |
AC_AWS_0100 | Ensure control plane logging is enabled for all log types for AWS Elastic Kubernetes Service (EKS) clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0102 | Ensure redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
AC_AWS_0103 | Ensure memcached elasticache engines are not in use in AWS PCI-DSS environments for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
AC_AWS_0107 | Ensure dedicated master nodes are enabled for AWS ElasticSearch Domains | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0108 | Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains | AWS | Compliance Validation | HIGH |