AC_AZURE_0207 | Ensure cross account access is disabled for Azure Redis Cache | Azure | Identity and Access Management | MEDIUM |
AC_AWS_0051 | Ensure event subscriptions are enabled for instance level events | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0052 | Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0053 | Ensure IAM authentication is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | MEDIUM |
AC_AWS_0059 | Ensure master username does not use commonly predicted usernames for Amazon Relational Database Service (Amazon RDS) instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0061 | Ensure active directory remains in use to authenticate users for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0069 | Ensure Multi-AZ is enabled for AWS Database Migration Service (DMS) instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0071 | Ensure encryption at rest is enabled for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0076 | Ensure point-in-time-recovery (PITR) is enabled for AWS DynamoDB tables | AWS | Resilience | MEDIUM |
AC_AWS_0078 | Ensure customer managed keys (CMK) are used for server side encryption (SSE) of AWS DyanamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0183 | Ensure IAM database authentication has been enabled for AWS Neptune cluster | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
AC_AWS_0193 | Ensure Auto Minor Version Upgrade feature is Enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0201 | Ensure allow version upgrade is enabled for AWS Redshift Clusters | AWS | Security Best Practices | LOW |
AC_AWS_0202 | Ensure AWS Redshift Cluster should not be using the default port (5439) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0378 | Ensure all data stored is encrypted at-rest for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AZURE_0003 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0132 | Ensure 'email account admins' is enabled for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0140 | Ensure public access is disabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0141 | Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0234 | Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0236 | Ensure that VA setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0240 | Ensure SQL server's TDE protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0259 | Ensure point-in-time-restore is enabled for Azure SQL Database | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0268 | Ensure geo-redundant backups are enabled for Azure MySQL Single Server | Azure | Data Protection | HIGH |
AC_AZURE_0279 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
AC_AZURE_0376 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0377 | Ensure usage of names like 'Admin' are avoided for Azure SQL Server | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0378 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_AZURE_0390 | Ensure accessibility is restricted to 256 hosts for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0396 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0400 | Ensure TLS connection is enabled for Azure PostgreSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0402 | Ensure audit log retention period is greater than 90 days for Azure PostgreSQL Server | Azure | Resilience | LOW |
AC_AZURE_0409 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0544 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0553 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0555 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0565 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0566 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0585 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_AZURE_0591 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0002 | Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL | GCP | Infrastructure Security | HIGH |
AC_GCP_0100 | Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0132 | Ensure 'log_duration' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_GCP_0253 | Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
AC_GCP_0256 | Ensure that the 'log_temp_files' database flag for Cloud SQL PostgreSQL instance is set to '0' (on) | GCP | Compliance Validation | LOW |
AC_GCP_0261 | Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0280 | Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets | GCP | Data Protection | MEDIUM |