| AC_K8S_0103 | Minimize access to create pods | Kubernetes | Identity and Access Management | HIGH |
| AC_GCP_0358 | Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | GCP | Logging and Monitoring | LOW |
| AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |
| S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
| AC_AZURE_0261 | Ensure public network access is disabled for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0308 | Ensure public access is disabled for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0353 | Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0374 | Ensure a firewall is attached to Azure SQL Server | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0383 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
| AC_GCP_0248 | Ensure default service account is not used at organization level for Google Cloud | GCP | Identity and Access Management | HIGH |
| AC_K8S_0049 | Ensure ALLOW-with-positive-matching exist for Istio Authorization Object | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0097 | Ensure CPU request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0118 | Ensure overly broad host configuration is not allowed for Istio Gateway | Kubernetes | Infrastructure Security | HIGH |
| AC_AWS_0097 | Ensure VPC is enabled for AWS Redshift Cluster | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0123 | Ensure access logging is enabled for AWS ELB | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0164 | Ensure VPC access is enabled for AWS Lambda Functions | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0392 | Ensure public IP address is not used AWS EC2 instances | AWS | Infrastructure Security | HIGH |
| AC_AWS_0399 | Ensure public IP address is not assigned to Amazon Elastic Container Service (ECS) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0578 | Ensure AWS NAT Gateways are used instead of default routes for AWS Route Table | AWS | Data Protection | HIGH |
| AC_AZURE_0092 | Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0098 | Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0101 | Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to false | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0102 | Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0109 | Ensure public IP addresses are not assigned to Azure Linux Virtual Machines | Azure | Security Best Practices | HIGH |
| AC_AZURE_0206 | Ensure cross account access is disabled for Azure SQL Firewall Rule | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0259 | Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
| AC_AZURE_0272 | Ensure CIFS / SMB (TCP:3020) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0276 | Ensure Cassandra OpsCenter (TCP:61621) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0287 | Ensure SSH (TCP:22) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0351 | Ensure Azure Web Application Firewall Policy is enabled | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0381 | Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0391 | Ensure that firewall rules does not allow unrestricted access to Azure Redis Cache from other Azure sources | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0423 | Ensure VNC Server (TCP:5900) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0435 | Ensure SaltStack Master (TCP:4505) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0451 | Ensure Puppet Master (TCP:8140) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0456 | Ensure PostgreSQL (Udp:5432) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0458 | Ensure PostgreSQL (TCP:5432) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0463 | Ensure POP3 (TCP:110) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0464 | Ensure Oracle DB SSL (Udp:2484) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0467 | Ensure Oracle DB SSL (TCP:2484) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0475 | Ensure NetBIOS Session Service (TCP:139) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0485 | Ensure NetBIOS Name Service (TCP:137) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0499 | Ensure Memcached SSL (Udp:11215) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0501 | Ensure Memcached SSL (Udp:11214) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0503 | Ensure Memcached SSL (TCP:11215) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0504 | Ensure Memcached SSL (TCP:11215) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0509 | Ensure MSSQL Server (TCP:1433) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0512 | Ensure MSSQL Debugger (TCP:135) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0520 | Ensure MSSQL Admin (TCP:1434) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0522 | Ensure LDAP SSL (TCP:636) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
