AC_AWS_0071 | Ensure encryption at rest is enabled for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0079 | Ensure default encryption is enabled for AWS EBS Volumes | AWS | Data Protection | HIGH |
AC_AWS_0125 | Ensure public access is disabled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0179 | Ensure auto minor version upgrade is enabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
AC_AWS_0180 | Ensure inter-cluster encryption is enabled for AWS MSK cluster | AWS | Data Protection | HIGH |
AC_AWS_0181 | Ensure that TLS-Only communication should be allowed between AWS MSK client and broker | AWS | Infrastructure Security | HIGH |
AC_AWS_0378 | Ensure all data stored is encrypted at-rest for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0426 | Ensure that initial login requires password reset for AWS IAM Users | AWS | Compliance Validation | HIGH |
AC_AWS_0446 | Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild Project | AWS | Data Protection | MEDIUM |
AC_AZURE_0141 | Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0174 | Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
AC_AZURE_0281 | Ensure latest version of Azure Kubernetes Cluster is in use | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0310 | Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0320 | Ensure that boolean variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0417 | Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
AC_GCP_0287 | Ensure in-transit encryption is enabled for Google App Engine Standard App Version | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0288 | Ensure only selected container registries are allowed through Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
AC_K8S_0111 | Ensure for exposing Kubernetes workload to the internet, NodePort service is not used | Kubernetes | Infrastructure Security | LOW |
AC_K8S_0124 | Ensure envoy proxies are not configured in permissive mode in Istio Peer Authentication | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0126 | Ensure Kubernetes hot-patch daemonset for Log4j2 is applied | Kubernetes | Configuration and Vulnerability Analysis | HIGH |
AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
AC_AZURE_0019 | Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0556 | Ensure That No Custom Subscription Administrator Roles Exist | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0317 | Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0318 | Ensure That Sinks Are Configured for All Log Entries | GCP | Logging and Monitoring | LOW |
AC_GCP_0368 | Ensure Logging is enabled for HTTP(S) Load Balancer | GCP | Security Best Practices | MEDIUM |
AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
AC_AWS_0221 | Ensure 'allow put actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0413 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AZURE_0161 | Ensure that kubernetes dashboard is disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0177 | Ensure latest TLS version is in use for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0178 | Ensure HTTPS is enabled for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0249 | Ensure that '.Net Framework' version is the latest in Azure App Service | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0386 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0388 | Ensure guest users are disabled for Azure Role Assignment | Azure | Identity and Access Management | HIGH |
AC_AZURE_0400 | Ensure TLS connection is enabled for Azure PostgreSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0226 | Ensure secrets should be auto-rotated after not more than 90 days | AWS | Compliance Validation | HIGH |
AC_AWS_0470 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0416 | Ensure that traffic analytics is enabled via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0418 | Ensure that Network Watcher is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
AC_GCP_0038 | Ensure default setting for OSLogin is not overridden by Google Compute Instance | GCP | Identity and Access Management | LOW |
AC_AWS_0032 | Ensure a web application firewall is enabled for AWS CloudFront distribution | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0078 | Ensure customer managed keys (CMK) are used for server side encryption (SSE) of AWS DyanamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0101 | Ensure public access is disabled for AWS Elastic Kubernetes Service (EKS) API servers | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0106 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain | AWS | Identity and Access Management | HIGH |
AC_AWS_0232 | Ensure insecure SSL protocols are not configured for AWS CloudFront origin | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0384 | Ensure data encryption is enabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
AC_AWS_0391 | Ensure 'public IP on launch' is not enabled for AWS Subnets | AWS | Infrastructure Security | MEDIUM |