AC_AWS_0486 | Ensure there is no policy with an invalid principal key for Amazon Simple Queue Service (SQS) Queue | AWS | Identity and Access Management | LOW |
AC_AWS_0548 | Ensure logging is enabled for AWS CloudFront | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0620 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
AC_AZURE_0112 | Ensure Time To Live (TTL) of the DNS record is not more than 60 minutes for Azure Private DNS Cname Record | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0127 | Ensure that Azure Active Directory Admin is configured for Azure MySQL Single Server | Azure | Identity and Access Management | HIGH |
AC_AZURE_0221 | Ensure CORS is configured to allow only trusted clients for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0222 | Ensure failing Azure Functions have email alerts configured for Azure Monitor Action Group | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0267 | Ensure that 'Phone number' is set for Azure Security Center Contact | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0269 | Ensure that Accelerated Networking feature is enabled for Azure virtual machines (VMs) | Azure | Compliance Validation | LOW |
AC_AZURE_0297 | Ensure that Azure Files are used for Azure App Service | Azure | Resilience | MEDIUM |
AC_AZURE_0302 | Ensure read, write and delete request logging is enabled for queue service in Azure Storage Account | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0306 | Ensure that Active Directory is used for authentication for Azure Service Fabric Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0363 | Ensure SSH keys are used to auth Azure Virtual Machine | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0369 | Ensure that VM agent is installed on Azure Virtual Machine | Azure | Compliance Validation | LOW |
AC_AZURE_0541 | Ensure permission type is not set to 'Admin' in oauth2_permissions for AzureAD Application | Azure | Identity and Access Management | HIGH |
AC_GCP_0290 | Ensure master authorized networks config block is set for Google Container Cluster | GCP | Infrastructure Security | LOW |
AC_K8S_0127 | Ensure metadata annotations are restricted in an Ingress object | Kubernetes | Infrastructure Security | HIGH |
AC_AWS_0611 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0342 | Ensure that RDP access is restricted from the internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0357 | Ensure that UDP Services are restricted from the Internet | Azure | Infrastructure Security | HIGH |
AC_K8S_0087 | Minimize the admission of root containers | Kubernetes | Identity and Access Management | HIGH |
AC_AWS_0593 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
AC_K8S_0022 | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0027 | Ensure that the --insecure-bind-address argument is not set | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0037 | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0057 | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0117 | Ensure Kubernetes NetworkPolicy object is defined for every Kubernetes Namespace | Kubernetes | Infrastructure Security | MEDIUM |
AC_AZURE_0001 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0235 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0140 | Ensure IAM password policy prevents password reuse | AWS | Compliance Validation | LOW |
AC_AWS_0144 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached | AWS | Identity and Access Management | HIGH |
AC_AWS_0594 | Ensure no 'root' user account access key exists | AWS | Identity and Access Management | HIGH |
AC_AWS_0601 | Ensure hardware MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
AC_AZURE_0413 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0251 | Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_AWS_0081 | Ensure AWS EBS Volume has a corresponding AWS EBS Snapshot | AWS | Data Protection | HIGH |
AC_AWS_0145 | Ensure that full access to edit IAM Policies is restricted | AWS | Identity and Access Management | HIGH |
AC_AWS_0374 | Ensure data encryption is enabled for AWS X-Ray | AWS | Data Protection | HIGH |
AC_AWS_0431 | Ensure cloud users don't have any direct permissions in AWS IAM Policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0445 | Ensure policies are used for AWS CloudFormation Stacks | AWS | Security Best Practices | MEDIUM |
AC_AWS_0453 | Ensure one target group is configured to listen on HTTPS for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
AC_AWS_0462 | Ensure no policy is attached that may cause privilege escalation for AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0465 | Ensure secrets are encrypted using AWS KMS key for AWS Secrets Manager | AWS | Data Protection | MEDIUM |
AC_AWS_0469 | Ensure EMR cluster is configured with Kerberos Authentication | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0473 | Ensure principal element is not empty in AWS IAM Trust Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0480 | Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
AC_AWS_0488 | Ensure there is no IAM policy with invalid policy element | AWS | Identity and Access Management | LOW |
AC_AWS_0490 | Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allows creation of unintended service-linked roles | AWS | Identity and Access Management | HIGH |
AC_AWS_0497 | Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0550 | Ensure actions '*' and resource '*' are not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |