AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0380 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0415 | Ensure that the retention policy is enabled for Azure Network Watcher Flow Log | Azure | Resilience | MEDIUM |
AC_AWS_0136 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
AC_GCP_0006 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0008 | Ensure that corporate login credentials are used | GCP | Identity and Access Management | LOW |
AC_AZURE_0416 | Ensure that traffic analytics is enabled via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0418 | Ensure that Network Watcher is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
AC_GCP_0038 | Ensure default setting for OSLogin is not overridden by Google Compute Instance | GCP | Identity and Access Management | LOW |
AC_AWS_0226 | Ensure secrets should be auto-rotated after not more than 90 days | AWS | Compliance Validation | HIGH |
AC_AWS_0470 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0119 | Ensure CORS is tightly controlled and managed for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0129 | Ensure 'email account admins' is enabled for Azure MySQL Database Threat Detection Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0368 | Ensure CORS rules are set according to organization's policy for Azure Storage Account | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0012 | Ensure a key rotation mechanism within a 365 day period is implemented for Google KMS Crypto Key | GCP | Security Best Practices | LOW |
AC_GCP_0026 | Ensure network policy is enabled on Google Container Cluster | GCP | Infrastructure Security | HIGH |
AC_AZURE_0246 | Ensure that 'Java version' is the latest, if used to run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AWS_0196 | Ensure IAM Policy does not Allow with NotPrincipal | AWS | Identity and Access Management | HIGH |
AC_AWS_0219 | Ensure 'allow get actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0412 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with value not following standard CIDR | AWS | Identity and Access Management | LOW |
AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
AC_AZURE_0114 | Ensure HTTPS is enabled for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0117 | Ensure managed identity is used in Azure Windows Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0123 | Ensure managed identity is used in Azure Linux Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0175 | Ensure Azure RBAC (role-based access control) is used to control access to resources for Azure Function App | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0186 | Ensure that admin user is disabled for Azure Container Registry | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0188 | Ensure end-to-end TLS is enabled to encrypt and securely transmit sensitive data to the backend for Azure Application Gateway | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0405 | Ensure admin auth is properly setup for Azure PostgreSQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0589 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
S3_AWS_0012 | Ensure AWS S3 Buckets are not world-listable for anonymous users - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AWS_0139 | Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AZURE_0414 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0101 | Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0254 | Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
S3_AWS_0013 | Ensure there are no world-writeable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
S3_AWS_0014 | Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
AC_AWS_0223 | Ensure 'allow getAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0224 | Ensure 'allow putAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AZURE_0121 | Ensure HTTPS is enabled for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0125 | Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0002 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0153 | Ensure virtual private cloud (VPC) is configured for AWS EC2 instances | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0215 | Ensure bucket policy is enforced with least privileges for all AWS S3 buckets | AWS | Identity and Access Management | HIGH |