AC_K8S_0041 | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0590 | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
AC_AWS_0562 | Ensure a log metric filter and alarm exist for CloudTrail configuration changes | AWS | Security Best Practices | HIGH |
AC_AWS_0575 | Ensure that Object-level logging for read events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AWS_0598 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0194 | Ensure that Register with Azure Active Directory is enabled on App Service | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
AC_AZURE_0569 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_app | Azure | Security Best Practices | MEDIUM |
AC_GCP_0277 | Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0308 | Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes | GCP | Logging and Monitoring | MEDIUM |
AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0014 | Ensure That DNSSEC Is Enabled for Cloud DNS | GCP | Infrastructure Security | MEDIUM |
AC_AWS_0556 | Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0561 | Ensure a log metric filter and alarm exist for IAM policy changes | AWS | Security Best Practices | HIGH |
AC_AWS_0568 | Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) | AWS | Security Best Practices | HIGH |
AC_AWS_0569 | Ensure a log metric filter and alarm exist for changes to network gateways | AWS | Security Best Practices | HIGH |
AC_AWS_0572 | Ensure a log metric filter and alarm exists for AWS Organizations changes | AWS | Security Best Practices | HIGH |
AC_AWS_0599 | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0600 | Ensure there is only one active access key available for any single IAM user | AWS | Identity and Access Management | MEDIUM |
AC_GCP_0001 | Ensure That Cloud SQL Database Instances Are Configured With Automated Backups | GCP | Resilience | MEDIUM |
AC_GCP_0281 | Ensure That Compute Instances Have Confidential Computing Enabled | GCP | Security Best Practices | MEDIUM |
AC_GCP_0301 | Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs | GCP | Identity and Access Management | HIGH |
AC_GCP_0039 | Ensure "Block Project-Wide SSH Keys" Is Enabled for VM Instances | GCP | Infrastructure Security | LOW |
AC_GCP_0225 | Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
AC_GCP_0238 | Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible - google_storage_bucket_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0249 | Ensure That Cloud SQL Database Instances Do Not Have Public IPs | GCP | Compliance Validation | MEDIUM |
AC_GCP_0257 | Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1' (Disabled) | GCP | Compliance Validation | LOW |
AC_AWS_0608 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
AC_GCP_0232 | Ensure That IP Forwarding Is Not Enabled on Instances | GCP | Infrastructure Security | MEDIUM |
AC_K8S_0075 | Minimize the admission of containers with the NET_RAW capability | Kubernetes | Infrastructure Security | MEDIUM |
AC_AWS_0612 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
AC_AWS_0627 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
AC_K8S_0012 | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | Identity and Access Management | LOW |
AC_AWS_0634 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
AC_K8S_0011 | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | Compliance Validation | LOW |
AC_K8S_0101 | Minimize access to secrets | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0084 | Minimize the admission of containers wishing to share the host network namespace | Kubernetes | Infrastructure Security | MEDIUM |