AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
AC_AWS_0369 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
AC_GCP_0007 | Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level - google_project_iam_binding | GCP | Identity and Access Management | HIGH |
AC_GCP_0009 | Ensure That Cloud Audit Logging Is Configured Properly | GCP | Logging and Monitoring | LOW |
AC_GCP_0316 | Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_AWS_0586 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
AC_AWS_0588 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
AC_GCP_0313 | Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | GCP | Data Protection | MEDIUM |
AC_GCP_0237 | Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_iam_binding | GCP | Identity and Access Management | MEDIUM |
AC_K8S_0129 | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | Compliance Validation | MEDIUM |
AC_AWS_0584 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
AC_GCP_0134 | Ensure That RDP Access Is Restricted From the Internet | GCP | Infrastructure Security | HIGH |
AC_GCP_0260 | Ensure That SSH Access Is Restricted From the Internet | GCP | Infrastructure Security | HIGH |
AC_AWS_0605 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0167 | Ensure the Key Vault is Recoverable | Azure | Data Protection | MEDIUM |
AC_AZURE_0408 | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Azure | Infrastructure Security | HIGH |
AC_GCP_0033 | Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network | GCP | Logging and Monitoring | MEDIUM |
AC_AWS_0038 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
AC_GCP_0035 | Ensure Compute instances are launched with Shielded VM enabled | GCP | Infrastructure Security | LOW |
AC_AWS_0209 | Ensure MFA Delete is enable on S3 buckets | AWS | Security Best Practices | HIGH |
AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
S3_AWS_0010 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0432 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0606 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
AC_AZURE_0040 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0053 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Infrastructure Security | HIGH |
AC_GCP_0024 | Ensure authentication using Client Certificates is Disabled | GCP | Identity and Access Management | MEDIUM |
AC_AWS_0140 | Ensure IAM password policy prevents password reuse | AWS | Compliance Validation | LOW |
AC_AWS_0144 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached | AWS | Identity and Access Management | HIGH |
AC_AWS_0594 | Ensure no 'root' user account access key exists | AWS | Identity and Access Management | HIGH |
AC_AWS_0601 | Ensure hardware MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
AC_AZURE_0569 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_app | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0194 | Ensure that Register with Azure Active Directory is enabled on App Service | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_GCP_0001 | Ensure That Cloud SQL Database Instances Are Configured With Automated Backups | GCP | Resilience | MEDIUM |
AC_AWS_0556 | Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0561 | Ensure a log metric filter and alarm exist for IAM policy changes | AWS | Security Best Practices | HIGH |
AC_AWS_0568 | Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) | AWS | Security Best Practices | HIGH |
AC_AWS_0569 | Ensure a log metric filter and alarm exist for changes to network gateways | AWS | Security Best Practices | HIGH |
AC_AWS_0572 | Ensure a log metric filter and alarm exists for AWS Organizations changes | AWS | Security Best Practices | HIGH |
AC_AWS_0599 | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0600 | Ensure there is only one active access key available for any single IAM user | AWS | Identity and Access Management | MEDIUM |
AC_GCP_0039 | Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances | GCP | Infrastructure Security | LOW |
AC_GCP_0225 | Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |