| AC_GCP_0121 | Ensure Memcached SSL (UDP:11215) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0125 | Ensure Memcached SSL (TCP:11215) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0129 | Ensure Memcached SSL (TCP:11214) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0131 | Ensure Memcached SSL (TCP:11214) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0136 | Ensure Cassandra (TCP:7001) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0146 | Ensure MySQL (TCP:3306) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0149 | Ensure Oracle DB SSL (UDP:2484) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0154 | Ensure SQL Server Analysis Services (TCP:2383) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0155 | Ensure SQL Server Analysis Services (TCP:2383) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0157 | Ensure MSSQL Server (TCP:1433) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0160 | Ensure LDAP SSL (TCP:636) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0165 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0166 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0190 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0191 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0192 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0199 | Ensure Redis (TCP:6379) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_AWS_0011 | Ensure that the endpoint type is set to private for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0515 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0527 | Ensure LDAP (UDP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0533 | Ensure Memcached SSL (UDP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0538 | Ensure Oracle DB (TCP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0542 | Ensure Redis without SSL (TCP:6379) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0561 | Ensure Virtual Machines are utilizing Managed Disks | Azure | Data Protection | MEDIUM |
| AC_GCP_0303 | Ensure that retention policies on log buckets are configured using Bucket Lock | GCP | Logging and Monitoring | LOW |
| AC_AWS_0157 | Ensure KMS customer managed keys are used for encryption in AWS Kinesis Streams | AWS | Data Protection | HIGH |
| AC_AWS_0429 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets | AWS | Data Protection | HIGH |
| AC_AWS_0547 | Ensure there is an encrypted connection between AWS CloudFront server and Origin server | AWS | Data Protection | HIGH |
| AC_AWS_0592 | Ensure that encryption is enabled for EFS file systems | AWS | Data Protection | HIGH |
| AC_K8S_0025 | Ensure default name space is not in use in Kubernetes Namespace | Kubernetes | Security Best Practices | LOW |
| AC_AWS_0136 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0631 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
| AC_GCP_0006 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level - google_project_iam_member | GCP | Identity and Access Management | HIGH |
| AC_GCP_0008 | Ensure that corporate login credentials are used | GCP | Identity and Access Management | LOW |
| AC_AWS_0633 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
| AC_AZURE_0210 | Ensure that Diagnostic Logs Are Enabled for All Services that Support it | Azure | Logging and Monitoring | MEDIUM |
| AC_GCP_0370 | Ensure Instance IP assignment is set to private | GCP | Compliance Validation | LOW |
| AC_K8S_0043 | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0096 | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0131 | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | Compliance Validation | MEDIUM |
| S3_AWS_0016 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| AC_AZURE_0414 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
| AC_GCP_0101 | Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
| AC_GCP_0254 | Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
| AC_AZURE_0153 | Ensure overprovisioning is disabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | LOW |
| AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0046 | Ensure 'Additional email addresses' is Configured with a Security Contact Email | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0337 | Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0366 | Ensure that 'Public access level' is set to Private for blob containers | Azure | Identity and Access Management | HIGH |
| AC_GCP_0224 | Ensure Remote Desktop (TCP:3389) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
