| ID | Policy | Provider | Category | Severity |
|---|---|---|---|---|
| AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
| AC_AWS_0381 | Ensure public access is disabled for AWS Neptune cluster instances | AWS | Data Protection | MEDIUM |
| AC_AWS_0382 | Ensure that cluster nodes are of given types for AWS Redshift Cluster | AWS | Compliance Validation | LOW |
| AC_AWS_0385 | Ensure public access is disabled for Amazon Simple Notification Service (SNS) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0397 | Ensure multiple ENIs are not attached to a single AWS Instance | AWS | Security Best Practices | LOW |
| AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0411 | Ensure there is no IAM policy with an empty SID value | AWS | Identity and Access Management | LOW |
| AC_AWS_0416 | Ensure there is no IAM policy with a condition element having a ForAnyValue Condition Operator with an empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0421 | Ensure there is no IAM policy with an empty array resource | AWS | Identity and Access Management | LOW |
| AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0427 | Ensure hardware MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
| AC_AWS_0429 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets | AWS | Data Protection | HIGH |
| AC_AWS_0437 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshots | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
| AC_AWS_0441 | Ensure HTTP2 is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | LOW |
| AC_AWS_0442 | Ensure access logging is enabled for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0452 | Ensure a log retention policy is set for AWS CloudWatch Log Group | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0454 | Ensure one HTTPS listener is configured for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
| AC_AWS_0455 | Ensure monitoring is enabled for AWS Launch Configuration | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0459 | Ensure detailed monitoring is enabled for AWS EC2 instances | AWS | Compliance Validation | LOW |
| AC_AWS_0468 | Ensure encryption is enabled for AWS Athena Database | AWS | Data Protection | HIGH |
| AC_AWS_0475 | Ensure redundant resources are not used for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0476 | Ensure there is no policy with an invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0491 | Ensure the Amazon Simple Notification Service (SNS) topic policy created by CloudTrail has a condition using either the aws:SourceArn or the aws:SourceAccount condition key | AWS | Identity and Access Management | LOW |
| AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0494 | Ensure creation of an SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0506 | Ensure a valid account number format is used in AWS EFS File System Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0515 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to the entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0527 | Ensure LDAP (UDP:389) is not exposed to the entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0533 | Ensure Memcached SSL (UDP:11211) is not exposed to the entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0538 | Ensure Oracle DB (TCP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0542 | Ensure Redis without SSL (TCP:6379) is not exposed to the entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0547 | Ensure there is an encrypted connection between the AWS CloudFront server and the Origin server | AWS | Data Protection | HIGH |
| AC_AWS_0554 | Ensure there is only one active access key available for any single IAM user | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0560 | Ensure a log metric filter and alarm exist for usage of the 'root' account | AWS | Security Best Practices | HIGH |
| AC_AWS_0563 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
| AC_AWS_0565 | Ensure a log metric filter and alarm exist for S3 bucket policy changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0585 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0592 | Ensure that encryption is enabled for EFS file systems | AWS | Data Protection | HIGH |
| AC_AWS_0597 | Ensure MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
| AC_AWS_0613 | Ensure AWS Lambda function is configured with a Dead Letter Queue | AWS | Logging and Monitoring | LOW |
| AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0631 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0633 | Ensure that IAM Access Analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
| S3_AWS_0004 | Ensure versioning is enabled for AWS S3 Buckets - Terraform Version 1.x | AWS | Resilience | HIGH |
| S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |