AC_AWS_0397 | Ensure multiple ENI are not attached to a single AWS Instance | AWS | Security Best Practices | LOW |
AC_AWS_0455 | Ensure monitoring is enabled for AWS Launch Configuration | AWS | Logging and Monitoring | HIGH |
AC_AWS_0459 | Ensure detailed monitoring is enabled for AWS EC2 instances | AWS | Compliance Validation | LOW |
AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0111 | Ensure that automatic upgrades are enabled for Azure Virtual Machine Extension | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0150 | Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0160 | Ensure that private cluster is enabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0187 | Ensure user id's are all system managed for Azure Container Group | Azure | Identity and Access Management | LOW |
AC_AZURE_0197 | Ensure custom script extensions are not used in Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0200 | Ensure custom script extensions are not used in Azure Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0223 | Ensure that auto-scaling is enabled for Azure Kubernetes Cluster | Azure | Resilience | MEDIUM |
AC_AZURE_0256 | Ensure private DNS zones are not linked to Azure Virtual Network | Azure | Compliance Validation | LOW |
AC_AZURE_0348 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0359 | Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0548 | Ensure disk encryption is enabled for Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0561 | Ensure Virtual Machines are utilizing Managed Disks | Azure | Data Protection | MEDIUM |
AC_GCP_0017 | Ensure Node Auto-Upgrade is enabled for GKE nodes | GCP | Security Best Practices | LOW |
AC_GCP_0019 | Ensure labels are configured for Google Container Cluster | GCP | Compliance Validation | LOW |
AC_GCP_0028 | Ensure Legacy Authorization (ABAC) is Disabled | GCP | Identity and Access Management | HIGH |
AC_GCP_0040 | Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | Identity and Access Management | HIGH |
AC_GCP_0229 | Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | GCP | Data Protection | MEDIUM |
AC_GCP_0243 | Ensure application-layer secrets are encrypted for Google Container Cluster | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0244 | Ensure HTTP load balancing is enabled for Google Container Cluster | GCP | Resilience | MEDIUM |
AC_GCP_0269 | Ensure that 'always allow' evaluation mode is restricted for Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
AC_GCP_0270 | Ensure the GKE Metadata Server is Enabled | GCP | Security Best Practices | LOW |
AC_GCP_0276 | Ensure use of Binary Authorization | GCP | Infrastructure Security | LOW |
AC_GCP_0278 | Ensure Oslogin Is Enabled for a Project - google_compute_instance | GCP | Security Best Practices | LOW |
AC_GCP_0297 | Ensure legacy Compute Engine instance metadata APIs are Disabled | GCP | Infrastructure Security | LOW |
AC_GCP_0323 | Ensure Compute Instances Are Launched With Shielded VM Enabled | GCP | Infrastructure Security | LOW |
AC_GCP_0327 | Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | GCP | Infrastructure Security | LOW |
AC_K8S_0031 | Ensure that the --audit-log-path argument is set | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0034 | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0043 | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0056 | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0059 | Ensure that the --client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0061 | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0064 | Apply Security Context to Your Pods and Containers | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0068 | Ensure image tag is set in Kubernetes workload configuration | Kubernetes | Security Best Practices | LOW |
AC_K8S_0069 | Ensure that every container image has a hash digest in all Kubernetes workloads | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0070 | Ensure liveness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
AC_K8S_0072 | Ensure readiness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
AC_K8S_0073 | Ensure AppArmor profile is not set to runtime/default in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0077 | Ensure 'procMount' is set to default in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0079 | Ensure containers run with a high UID usually > 1000 to avoid host conflict | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0081 | Ensure only allowed volume types are mounted for all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0086 | The default namespace should not be used | Kubernetes | Security Best Practices | LOW |
AC_K8S_0087 | Minimize the admission of root containers | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0096 | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0099 | Ensure Memory request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
AC_K8S_0100 | Ensure Memory request is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |