AC_GCP_0234 | Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled | GCP | Identity and Access Management | LOW |
AC_GCP_0239 | Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0246 | Ensure folder level default service account is not configured in Google Folder IAM Binding | GCP | Identity and Access Management | LOW |
AC_GCP_0247 | Ensure IAM roles do not impersonate or manage service accounts used at organization level for Google Cloud | GCP | Identity and Access Management | HIGH |
AC_GCP_0336 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
AC_K8S_0001 | Configure Image Provenance using ImagePolicyWebhook admission controller | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0005 | Ensure that the Anonymous Auth is Not Enabled | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0018 | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0023 | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0036 | Ensure that the --service-account-lookup argument is set to true | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0082 | Minimize the admission of containers wishing to share the host process ID namespace | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0094 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0106 | Ensure that the cluster-admin role is only used where required | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0107 | Ensure pod/attach create roles are minimized in Kubernetes cluster in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
AC_AWS_0014 | Ensure resource ARNs do not have region missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0059 | Ensure master username does not use commonly predicted usernames for Amazon Relational Database Service (Amazon RDS) instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0106 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain | AWS | Identity and Access Management | HIGH |
AC_AWS_0113 | Ensure Amazon cognito authentication is enabled for AWS ElasticSearch Domain | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0119 | Ensure permissions are tightly controlled for AWS ElasticSearch Domains | AWS | Identity and Access Management | HIGH |
AC_AWS_0125 | Ensure public access is disabled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0132 | Ensure no root user account access key exists | AWS | Identity and Access Management | HIGH |
AC_AWS_0183 | Ensure IAM database authentication has been enabled for AWS Neptune cluster | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0211 | Ensure AWS S3 Buckets are not listable for Authenticated users group | AWS | Identity and Access Management | HIGH |
AC_AWS_0221 | Ensure 'allow put actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0390 | Ensure origin access identity is enabled for AWS CloudFront distributions with S3 origin | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0413 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0432 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0466 | Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repository | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0471 | Ensure correct combination of JSON policy elements is used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0474 | Ensure global condition key is not used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0485 | Ensure there is no policy with an invalid principal format for Amazon Simple Queue Service (SQS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0493 | Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0496 | Ensure IAM Policies were not configured with versions in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0498 | Ensure there is no IAM policy with invalid condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0501 | Ensure Adding a valid base64-encoded string value for the condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0574 | Ensure that Object-level logging for write events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AWS_0618 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0088 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |