AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0039 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0045 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0347 | Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud SQL PostgreSQL Instance Is Set to 'on' For Centralized Logging | GCP | Compliance Validation | LOW |
AC_AZURE_0058 | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Azure | Resilience | MEDIUM |
AC_GCP_0300 | Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning' | GCP | Compliance Validation | LOW |
AC_AWS_0007 | Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0171 | Ensure zone resiliency is turned on for all Azure Image | Azure | Resilience | LOW |
AC_AZURE_0181 | Ensure Azure services are zone redundant for Azure Eventhub Namespace | Azure | Resilience | MEDIUM |
AC_AWS_0552 | Ensure MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
AC_AZURE_0047 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0066 | Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0339 | Ensure that Activity Log Alert exists for Create or Update Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0344 | Ensure that Activity Log Alert exists for Delete Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0571 | Ensure a log metric filter and alarm exist for VPC changes | AWS | Security Best Practices | HIGH |
AC_AZURE_0572 | Ensure Web App is using the latest version of TLS encryption - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0575 | Ensure Web App is using the latest version of TLS encryption - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0307 | Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0311 | Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes | GCP | Logging and Monitoring | MEDIUM |
S3_AWS_0008 | Ensure that Object-level logging for write events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AZURE_0116 | Ensure FTP deployments are Disabled - azurerm_windows_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0334 | Ensure FTP deployments are Disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0372 | Ensure Default Network Access Rule for Storage Accounts is Set to Deny | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0571 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0577 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0584 | Ensure FTP deployments are Disabled - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0264 | Ensure log profile is configured to capture all activities for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0265 | Ensure Secrets are not exposed in customData used in Azure Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0291 | Ensure that logging to Azure Monitoring is configured for Azure Kubernetes Cluster | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_K8S_0050 | Ensure custom snippets annotations is not set to true for Ingress-nginx controller deployment's Kubernetes Config Map | Kubernetes | Security Best Practices | HIGH |
AC_AWS_0057 | Ensure CA certificate used is not older than 1 year for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0095 | Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0121 | Ensure cross zone load balancing is enabled for AWS ELB | AWS | Resilience | MEDIUM |
AC_AWS_0141 | Ensure password policy requires minimal length of 7 for AWS IAM Account Password Policy | AWS | Compliance Validation | MEDIUM |
AC_AWS_0168 | Ensure there are no hard coded keys used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0184 | Ensure deletion protection is enabled for AWS QLDB Ledger | AWS | Resilience | MEDIUM |
AC_AWS_0447 | Ensure image tag is immutable for Amazon Elastic Container Registry (Amazon ECR) Repository | AWS | Security Best Practices | MEDIUM |
AC_AWS_0457 | Ensure environment variables are protected using AWS KMS keys for AWS Lambda Functions | AWS | Data Protection | HIGH |
AC_AWS_0458 | Ensure principal is defined for every IAM policy attached to AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
AC_AZURE_0133 | Ensure notification email address is configured for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0159 | Ensure Azure Active Directory (Azure AD) has been enabled in Azure Kubernetes Cluster | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0165 | Ensure that only allowed key types are in use for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
AC_AZURE_0172 | Ensure Hyper-V generation uses v2 for Azure Image | Azure | Data Protection | LOW |
AC_AZURE_0183 | Ensure consistency level is NOT set to 'Eventual' for Azure CosmosDB Account | Azure | Security Best Practices | LOW |
AC_AZURE_0190 | Ensure auto renew of certificates is turned off for Azure App Service Certificate Order | Azure | Infrastructure Security | LOW |
AC_AZURE_0192 | Ensure auditing and monitoring is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0557 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0558 | Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | AWS | Security Best Practices | HIGH |