AC_GCP_0227 | Ensure FTP (TCP:20) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0235 | Ensure encryption is enabled for Google Cloud Storage Buckets | GCP | Infrastructure Security | MEDIUM |
AC_AWS_0606 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
AC_AZURE_0040 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0053 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Infrastructure Security | HIGH |
AC_GCP_0315 | Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on' | GCP | Compliance Validation | LOW |
AC_AWS_0096 | Ensure encryption is enabled for AWS EFS file systems | AWS | Data Protection | HIGH |
AC_AWS_0317 | Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0318 | Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0370 | Ensure default VPC is not used for AWS VPC | AWS | Security Best Practices | MEDIUM |
AC_AWS_0509 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0514 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0517 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0528 | Ensure LDAP (UDP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0529 | Ensure LDAP (UDP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0534 | Ensure Memcached SSL (UDP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0544 | Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_K8S_0108 | Ensure Kubernetes rolebindings with get and patch Kubernetes roles are minimized in Kubernetes Role | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0038 | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0041 | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0094 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | MEDIUM |
AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
AC_AZURE_0019 | Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0556 | Ensure That No Custom Subscription Administrator Roles Exist | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0317 | Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0318 | Ensure That Sinks Are Configured for All Log Entries | GCP | Logging and Monitoring | LOW |
AC_GCP_0368 | Ensure Logging is enabled for HTTP(S) Load Balancer | GCP | Security Best Practices | MEDIUM |
AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0590 | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
AC_K8S_0005 | Ensure that the Anonymous Auth is Not Enabled | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0009 | Ensure that the --rotate-certificates argument is not present or is set to true | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0040 | Ensure that a Client CA File is Configured | Kubernetes | Data Protection | MEDIUM |
AC_AWS_0562 | Ensure a log metric filter and alarm exist for CloudTrail configuration changes | AWS | Security Best Practices | HIGH |
AC_AWS_0575 | Ensure that Object-level logging for read events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AWS_0598 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0194 | Ensure that Register with Azure Active Directory is enabled on App Service | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
AC_AZURE_0569 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_app | Azure | Security Best Practices | MEDIUM |
AC_GCP_0277 | Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0308 | Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes | GCP | Logging and Monitoring | MEDIUM |
AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0401 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_K8S_0024 | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0065 | Ensure that a unique Certificate Authority is used for etcd | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0095 | Ensure that the --authorization-mode argument includes Node | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0102 | Ensure impersonate access to Kubernetes resources is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |