AC_AWS_0509 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0514 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0517 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0528 | Ensure LDAP (UDP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0529 | Ensure LDAP (UDP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0534 | Ensure Memcached SSL (UDP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0544 | Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_K8S_0108 | Ensure Kubernetes rolebindings with get and patch Kubernetes roles are minimized in Kubernetes Role | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0010 | Ensure that the --read-only-port is disabled | Kubernetes | Identity and Access Management | LOW |
AC_K8S_0082 | Minimize the admission of containers wishing to share the host process ID namespace | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0106 | Ensure that the cluster-admin role is only used where required | Kubernetes | Identity and Access Management | HIGH |
AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
AC_AZURE_0019 | Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0556 | Ensure That No Custom Subscription Administrator Roles Exist | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0317 | Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0318 | Ensure That Sinks Are Configured for All Log Entries | GCP | Logging and Monitoring | LOW |
AC_GCP_0368 | Ensure Logging is enabled for HTTP(S) Load Balancer | GCP | Security Best Practices | MEDIUM |
AC_K8S_0008 | Ensure that a Client CA File is Configured | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0046 | Minimize the admission of privileged containers | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0104 | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | Identity and Access Management | HIGH |
AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0401 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_K8S_0024 | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0065 | Ensure that a unique Certificate Authority is used for etcd | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0095 | Ensure that the --authorization-mode argument includes Node | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0102 | Ensure impersonate access to Kubernetes resources is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
AC_AWS_0137 | Eliminate use of the root user for administrative and daily tasks | AWS | Compliance Validation | MEDIUM |
AC_AWS_0589 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AZURE_0070 | Ensure that Activity Log Alert exists for Delete Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0071 | Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0340 | Ensure that Activity Log alert exists for the Delete Network Security Group Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0554 | Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' | Azure | Data Protection | LOW |
AC_K8S_0054 | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0130 | Ensure that the --profiling argument is set to false | Kubernetes | Compliance Validation | MEDIUM |
AC_AZURE_0248 | Ensure That 'PHP version' is the Latest, If Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AWS_0596 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
AC_AZURE_0323 | Ensure that Microsoft Defender for Kubernetes is set to 'On' | Azure | Data Protection | MEDIUM |
AC_K8S_0029 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0035 | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0092 | Ensure that the --kubelet-https argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AWS_0434 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
AC_GCP_0367 | Ensure API Keys Are Rotated Every 90 Days | GCP | Security Best Practices | MEDIUM |
AC_AZURE_0410 | Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
AC_GCP_0231 | Enable VPC Flow Logs and Intranode Visibility | GCP | Infrastructure Security | MEDIUM |
AC_K8S_0091 | Ensure that the --token-auth-file parameter is not set | Kubernetes | Identity and Access Management | MEDIUM |
AC_AZURE_0350 | Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_GCP_0294 | Ensure the number of instances running simultaneously are limited for Google App Engine Standard App Version | GCP | Security Best Practices | LOW |
AC_AWS_0615 | Ensure AWS Lambda functions are configured to use provisioned concurrency | AWS | Resilience | LOW |