AC_AWS_0091 | Ensure potential TOKEN information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0092 | Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0180 | Ensure inter-cluster encryption is enabled for AWS MSK cluster | AWS | Data Protection | HIGH |
AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
AC_AWS_0378 | Ensure all data stored is encrypted at-rest for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0384 | Ensure data encryption is enabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
AC_AWS_0388 | Ensure field-level encryption is enabled for AWS CloudFront distribution | AWS | Data Protection | MEDIUM |
AC_AWS_0424 | Ensure direct access from the internet is disabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
AC_AWS_0446 | Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild Project | AWS | Data Protection | MEDIUM |
AC_AWS_0545 | Ensure environment variables do not contain any credentials in AWS Codebuild Project | AWS | Data Protection | MEDIUM |
AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
AC_AZURE_0202 | Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS Token | Azure | Data Protection | LOW |
AC_AZURE_0240 | Ensure SQL server's TDE protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0268 | Ensure geo-redundant backups are enabled for Azure MySQL Single Server | Azure | Data Protection | HIGH |
AC_AZURE_0301 | Ensure that key vault is used to encrypt data for Azure Batch Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0320 | Ensure that boolean variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0324 | Ensure that Microsoft Defender for Container Registries is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0345 | Ensure data exfiltration protection is enabled for Azure Synapse Workspace | Azure | Data Protection | MEDIUM |
AC_AZURE_0373 | Ensure that 'Secure transfer required' is set to 'Enabled' | Azure | Data Protection | HIGH |
AC_AZURE_0552 | Enable Role Based Access Control for Azure Key Vault | Azure | Data Protection | LOW |
AC_AZURE_0555 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0559 | Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests | Azure | Data Protection | MEDIUM |
AC_AZURE_0585 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_GCP_0280 | Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets | GCP | Data Protection | MEDIUM |
AC_GCP_0304 | Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) | GCP | Data Protection | MEDIUM |
AC_K8S_0009 | Ensure that the --rotate-certificates argument is not present or is set to true | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0039 | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0040 | Ensure that a Client CA File is Configured | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0042 | Ensure that the --encryption-provider-config argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0067 | Ensure Kubernetes dashboard is not deployed | Kubernetes | Data Protection | MEDIUM |
S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
AC_AWS_0057 | Ensure CA certificate used is not older than 1 year for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0095 | Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0098 | Ensure Customer Managed Keys (CMK) are used for encryption of AWS Elastic File System (EFS) | AWS | Data Protection | HIGH |
AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0130 | Ensure 'Job Bookmark Encryption' is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
AC_AWS_0168 | Ensure there are no hard coded keys used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0178 | Ensure customer owned KMS key is used for encrypting AWS MQ Brokers | AWS | Data Protection | HIGH |
AC_AWS_0198 | Ensure encryption is enabled for AWS Redshift clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0206 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets | AWS | Data Protection | HIGH |
AC_AWS_0436 | Ensure automatic backups are enabled for AWS Elasticache Cluster | AWS | Data Protection | MEDIUM |
AC_AWS_0451 | Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log Group | AWS | Data Protection | HIGH |
AC_AWS_0457 | Ensure environment variables are protected using AWS KMS keys for AWS Lambda Functions | AWS | Data Protection | HIGH |
AC_AWS_0460 | Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery Stream | AWS | Data Protection | HIGH |