S3_AWS_0008 | Ensure that Object-level logging for write events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
AC_AZURE_0569 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_app | Azure | Security Best Practices | MEDIUM |
AC_GCP_0277 | Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0308 | Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes | GCP | Logging and Monitoring | MEDIUM |
AC_AWS_0562 | Ensure a log metric filter and alarm exist for CloudTrail configuration changes | AWS | Security Best Practices | HIGH |
AC_AWS_0575 | Ensure that Object-level logging for read events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AWS_0598 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0194 | Ensure that Register with Azure Active Directory is enabled on App Service | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0086 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0122 | Ensure FTP deployments are Disabled - azurerm_linux_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0131 | Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0573 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0583 | Ensure FTP deployments are Disabled - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0570 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0591 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0116 | Ensure FTP deployments are Disabled - azurerm_windows_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0334 | Ensure FTP deployments are Disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0372 | Ensure Default Network Access Rule for Storage Accounts is Set to Deny | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0571 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0577 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0584 | Ensure FTP deployments are Disabled - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0014 | Ensure That DNSSEC Is Enabled for Cloud DNS | GCP | Infrastructure Security | MEDIUM |
AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AWS_0586 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
AC_AWS_0588 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
AC_GCP_0313 | Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | GCP | Data Protection | MEDIUM |
AC_AWS_0564 | Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | AWS | Security Best Practices | HIGH |
AC_AWS_0567 | Ensure a log metric filter and alarm exist for security group changes | AWS | Security Best Practices | HIGH |
AC_AWS_0597 | Ensure MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
AC_AWS_0557 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0558 | Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | AWS | Security Best Practices | HIGH |
AC_AWS_0590 | Ensure the default security group of every VPC restricts all traffic | AWS | Infrastructure Security | MEDIUM |
AC_GCP_0003 | Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses | GCP | Infrastructure Security | HIGH |
AC_GCP_0250 | Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off' | GCP | Compliance Validation | LOW |
AC_GCP_0264 | Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value | GCP | Compliance Validation | LOW |
AC_GCP_0291 | Ensure oslogin is enabled for a Project - google_compute_project_metadata | GCP | Security Best Practices | LOW |
AC_GCP_0314 | Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users | GCP | Identity and Access Management | HIGH |
S3_AWS_0007 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
AC_GCP_0001 | Ensure That Cloud SQL Database Instances Are Configured With Automated Backups | GCP | Resilience | MEDIUM |
AC_GCP_0281 | Ensure That Compute Instances Have Confidential Computing Enabled | GCP | Security Best Practices | MEDIUM |
AC_GCP_0301 | Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs | GCP | Identity and Access Management | HIGH |
AC_AWS_0556 | Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0561 | Ensure a log metric filter and alarm exist for IAM policy changes | AWS | Security Best Practices | HIGH |
AC_AWS_0568 | Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) | AWS | Security Best Practices | HIGH |
AC_AWS_0569 | Ensure a log metric filter and alarm exist for changes to network gateways | AWS | Security Best Practices | HIGH |