AC_AWS_0059 | Ensure master username does not use commonly predicted usernames for Amazon Relational Database Service (Amazon RDS) instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0061 | Ensure active directory remains in use to authenticate users for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0069 | Ensure Multi-AZ is enabled for AWS Database Migration Service (DMS) instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0086 | Ensure container insights are enabled for Amazon Elastic Container Service (ECS) clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0089 | Ensure potential DATABASE information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0090 | Ensure SECRET information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0091 | Ensure potential TOKEN information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0092 | Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0113 | Ensure Amazon cognito authentication is enabled for AWS ElasticSearch Domain | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0127 | Ensure flow logs are enabled for AWS Global Accelerator | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0150 | Ensure a log metric filter and alarm exist for AWS NAT Gateways | AWS | Security Best Practices | HIGH |
AC_AWS_0174 | Ensure log exports is enabled for AWS MQ Brokers | AWS | Logging and Monitoring | LOW |
AC_AWS_0202 | Ensure AWS Redshift Cluster should not be using the default port (5439) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0440 | Ensure deletion protection is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0485 | Ensure there is no policy with an invalid principal format for Amazon Simple Queue Service (SQS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0545 | Ensure environment variables do not contain any credentials in AWS Codebuild Project | AWS | Data Protection | MEDIUM |
AC_AWS_0577 | Ensure tags are defined for AWS NAT Gateways | AWS | Security Best Practices | LOW |
AC_AZURE_0132 | Ensure 'email account admins' is enabled for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0046 | Ensure 'Additional email addresses' is Configured with a Security Contact Email | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0337 | Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0179 | Ensure CORS is tightly controlled and managed for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0244 | Ensure remote debugging is turned off for Azure App Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0280 | Ensure accessibility is restricted up to 256 hosts in Azure SQL Firewall Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0390 | Ensure accessibility is restricted to 256 hosts for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0402 | Ensure audit log retention period is greater than 90 days for Azure PostgreSQL Server | Azure | Resilience | LOW |
AC_GCP_0020 | Ensure private cluster is enabled for Google Container Cluster | GCP | Infrastructure Security | HIGH |
AC_AWS_0502 | Ensure valid account number format is used in Amazon Simple Notification Service (SNS) Topic | AWS | Security Best Practices | LOW |
AC_AZURE_0366 | Ensure that 'Public access level' is set to Private for blob containers | Azure | Identity and Access Management | HIGH |
AC_GCP_0224 | Ensure Remote Desktop (TCP:3389) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_K8S_0034 | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_AZURE_0162 | Ensure secrets have content type set for Azure Key Vault Secret | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0202 | Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS Token | Azure | Data Protection | LOW |
AC_AZURE_0259 | Ensure point-in-time-restore is enabled for Azure SQL Database | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0268 | Ensure geo-redundant backups are enabled for Azure MySQL Single Server | Azure | Data Protection | HIGH |
AC_AZURE_0303 | Ensure that authentication feature is enabled for Azure Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0358 | Ensure use of NSG with Azure Virtual Machine Scale Set | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0014 | Ensure resource ARNs do not have region missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0050 | Ensure `arn` prefix is in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
AC_AWS_0053 | Ensure IAM authentication is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | MEDIUM |
AC_AWS_0119 | Ensure permissions are tightly controlled for AWS ElasticSearch Domains | AWS | Identity and Access Management | HIGH |
AC_AWS_0183 | Ensure IAM database authentication has been enabled for AWS Neptune cluster | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0388 | Ensure field-level encryption is enabled for AWS CloudFront distribution | AWS | Data Protection | MEDIUM |
AC_AWS_0390 | Ensure origin access identity is enabled for AWS CloudFront distributions with S3 origin | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0393 | Ensure automated backup using EFS Backup policy is enabled for AWS Elastic File System (EFS) | AWS | Resilience | MEDIUM |
AC_AWS_0401 | Ensure encryption at rest is enabled for AWS Backup Vault | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0402 | Ensure wildcards(*) are not used in IAM policies for AWS Backup Vault Policy | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0435 | Ensure access logging is enabled for AWS LB (Load Balancer) | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0466 | Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repository | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0471 | Ensure correct combination of JSON policy elements is used in AWS IAM Policy | AWS | Identity and Access Management | LOW |