| AC_AWS_0578 | Ensure AWS NAT Gateways are used instead of default routes for AWS Route Table | AWS | Data Protection | HIGH |
| AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0172 | Ensure Hyper-V generation uses v2 for Azure Image | Azure | Data Protection | LOW |
| AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
| AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
| AC_AZURE_0550 | Ensure disk encryption is enabled for Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_AZURE_0558 | Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
| AC_AZURE_0563 | Ensure Private Endpoints are used to access Storage Accounts | Azure | Data Protection | MEDIUM |
| AC_AZURE_0564 | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Azure | Data Protection | MEDIUM |
| AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
| AC_GCP_0289 | Ensure cloud instance snapshots are encrypted through Google Compute Snapshot | GCP | Data Protection | MEDIUM |
| AC_K8S_0037 | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0038 | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0041 | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| CIS_AZURE_0217 | Ensure Storage for Critical Data are Encrypted with Customer Managed Keys | Azure | Data Protection | MEDIUM |
| S3_AWS_0002 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
