AC_AZURE_0127 | Ensure that Azure Active Directory Admin is configured for Azure MySQL Single Server | Azure | Identity and Access Management | HIGH |
AC_AZURE_0130 | Ensure advanced threat protection is used for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0184 | Ensure to filter source IP's for Azure CosmosDB Account | Azure | Infrastructure Security | HIGH |
AC_AZURE_0235 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0252 | Ensure public IP addresses are disabled in Azure Databricks Workspaces | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0316 | Ensure public network access disabled for Azure CosmosDB Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0347 | Ensure that automatic failover is enabled for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0401 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_AZURE_0405 | Ensure admin auth is properly setup for Azure PostgreSQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0410 | Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
AC_AZURE_0545 | Ensure usage of names like 'Admin' are avoided for Azure SQL Server | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0589 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0003 | Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses | GCP | Infrastructure Security | HIGH |
AC_GCP_0133 | Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter | GCP | Compliance Validation | LOW |
AC_GCP_0250 | Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off' | GCP | Compliance Validation | LOW |
AC_GCP_0264 | Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value | GCP | Compliance Validation | LOW |
AC_GCP_0300 | Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning' | GCP | Compliance Validation | LOW |
AC_GCP_0316 | Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0317 | Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0347 | Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging | GCP | Compliance Validation | LOW |
AC_AWS_0055 | Ensure the security best practices configuration is followed for Amazon Relational Database Service (Amazon RDS) instances | AWS | Security Best Practices | HIGH |
AC_AWS_0056 | Ensure automatic minor version upgrade is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0064 | Ensure CloudWatch logging is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0068 | Ensure public access is disabled for AWS Database Migration Service (DMS) instances | AWS | Data Protection | HIGH |
AC_AWS_0192 | Ensure database instances with an AWS Aurora cluster should have same accessibility | AWS | Compliance Validation | MEDIUM |
AC_AWS_0194 | Ensure latest generation of instance classes is used by Amazon Relational Database Service (Amazon RDS) instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0200 | Ensure audit logging feature is enabled for AWS Redshift clusters | AWS | Logging and Monitoring | LOW |
AC_AWS_0381 | Ensure public access is disabled for AWS Neptune cluster instances | AWS | Data Protection | MEDIUM |
AC_AWS_0382 | Ensure that cluster nodes are of given types for AWS Redshift Cluster | AWS | Compliance Validation | LOW |
AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
AC_AWS_0437 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshots | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0468 | Ensure encryption is enabled for AWS Athena Database | AWS | Data Protection | HIGH |
AC_AZURE_0135 | Ensure public access is disabled for Azure MSSQL Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0136 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0137 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0138 | Ensure geo-redundant backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
AC_AZURE_0201 | Ensure in-transit encryption is enabled for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0205 | Ensure cross account access is disabled for Azure SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0227 | Ensure advanced threat protection is enabled for Azure CosmosDB Account | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0237 | Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0241 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_AZURE_0294 | Ensure encryption is enabled for Azure Data Lake Store | Azure | Data Protection | MEDIUM |
AC_AZURE_0384 | Ensure that names like 'Admin' are not used for Azure SQL Server Active Directory Administrator | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0393 | Ensure regular security and operational updates are enabled for Azure Redis Cache | Azure | Security Best Practices | HIGH |
AC_AZURE_0403 | Ensure email addresses are setup for Azure PostgreSQL Server | Azure | Compliance Validation | LOW |
AC_AZURE_0407 | Ensure geo-redundant backups are enabled for Azure PostgreSQL Server | Azure | Resilience | MEDIUM |
AC_AZURE_0412 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0414 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0551 | Ensure geo-redundant backups are enabled for Azure MySQL Flexible Server | Azure | Data Protection | HIGH |