AC_GCP_0268 | Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer | GCP | Identity and Access Management | LOW |
AC_GCP_0330 | Ensure Essential Contacts is Configured for Organization | GCP | Logging and Monitoring | LOW |
AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0137 | Eliminate use of the root user for administrative and daily tasks | AWS | Compliance Validation | MEDIUM |
AC_AWS_0139 | Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AWS_0145 | Ensure that full access to edit IAM Policies is restricted | AWS | Identity and Access Management | HIGH |
AC_AWS_0196 | Ensure IAM Policy does not Allow with NotPrincipal | AWS | Identity and Access Management | HIGH |
AC_AWS_0412 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with value not following standard CIDR | AWS | Identity and Access Management | LOW |
AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
AC_AWS_0431 | Ensure cloud users don't have any direct permissions in AWS IAM Policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0462 | Ensure no policy is attached that may cause privilege escalation for AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0473 | Ensure principal element is not empty in AWS IAM Trust Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0488 | Ensure there is no IAM policy with invalid policy element | AWS | Identity and Access Management | LOW |
AC_AWS_0490 | Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked roles | AWS | Identity and Access Management | HIGH |
AC_AWS_0497 | Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0550 | Ensure actions '*' and resource '*' are not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0552 | Ensure MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
AC_AWS_0573 | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0596 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
AC_AZURE_0541 | Ensure permission type is not set to 'Admin' in oauth2_permissions for AzureAD Application | Azure | Identity and Access Management | HIGH |
AC_AZURE_0556 | Ensure That No Custom Subscription Administrator Roles Exist | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0007 | Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level - google_project_iam_binding | GCP | Identity and Access Management | HIGH |
AC_GCP_0009 | Ensure That Cloud Audit Logging Is Configured Properly | GCP | Logging and Monitoring | LOW |
AC_GCP_0265 | Ensure sharing of service account credentials is restricted using Google Service Account | GCP | Security Best Practices | MEDIUM |
AC_GCP_0291 | Ensure oslogin is enabled for a Project - google_compute_project_metadata | GCP | Security Best Practices | LOW |
AC_GCP_0314 | Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users | GCP | Identity and Access Management | HIGH |
AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0388 | Ensure guest users are disabled for Azure Role Assignment | Azure | Identity and Access Management | HIGH |
AC_GCP_0247 | Ensure IAM roles do not impersonate or manage service accounts used at organization level for Google Cloud | GCP | Identity and Access Management | HIGH |
AC_GCP_0336 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
AC_AWS_0014 | Ensure resource ARNs do not have region missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0030 | Ensure valid account number format is used in AWS IAM Policy | AWS | Security Best Practices | LOW |
AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0050 | Ensure `arn` prefix is in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
AC_AWS_0132 | Ensure no root user account access key exists | AWS | Identity and Access Management | HIGH |
AC_AWS_0134 | Ensure password policy requires at least one lowercase character for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AWS_0138 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
AC_AWS_0413 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0426 | Ensure that initial login requires password reset for AWS IAM Users | AWS | Compliance Validation | HIGH |
AC_AWS_0432 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0438 | Ensure that there are no orphan in AWS IAM groups | AWS | Compliance Validation | LOW |
AC_AWS_0471 | Ensure correct combination of JSON policy elements is used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0474 | Ensure global condition key is not used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0493 | Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |