AC_AWS_0292 | Ensure Memcached SSL (UDP,11214) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0299 | Ensure NetBios Datagram Service (UDP,138) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0300 | Ensure NetBios Session Service (TCP,139) is not accessible by a CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0301 | Ensure NetBios Session Service (UDP,139) is not accessible by a CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0302 | Ensure Oracle DB SSL (TCP,2484) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0307 | Ensure Puppet Master (TCP:8140) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0310 | Ensure SQL Server Analysis Services (TCP,2383) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0312 | Ensure Oracle Database Server (TCP,1521) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0316 | Ensure MongoDB (TCP,27017) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0317 | Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0318 | Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0319 | Ensure SSH (TCP,22) is not accessible by a public CIDR block range | AWS | Infrastructure Security | LOW |
AC_AWS_0321 | Ensure Security Groups Unrestricted Specific Ports http (TCP,80) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0323 | Ensure Security Groups Unrestricted Specific Ports remote desktop port (TCP,3389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0325 | Ensure Security Groups Unrestricted Specific Ports SaltStackMaster (TCP,4506) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0328 | Ensure Security Groups Unrestricted Specific Ports MSSQLAdmin (TCP,1434) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0333 | Ensure Security Groups Unrestricted Specific Ports MemcachedSSL (TCP,11215) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0334 | Ensure Security Groups Unrestricted Specific Ports MemcachedSSL (UDP,11214) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0335 | Ensure Security Groups Unrestricted Specific Ports MemcachedSSL (UDP,11215) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0337 | Ensure CIFS/SMB' (TCP,3020) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0343 | Ensure NetBIOSNameService' (TCP,137) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0346 | Ensure NetBIOSDatagramService' (UDP,138) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0355 | Ensure SNMP' (UDP,161) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0357 | Ensure SQLServerAnalysisServices' (TCP,2383) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0360 | Ensure SMTP' (TCP,25) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0364 | Ensure server side encryption (SSE) is enabled for Amazon Simple Notification Service (SNS) Topic | AWS | Data Protection | MEDIUM |
AC_AWS_0367 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway Volumes | AWS | Security Best Practices | HIGH |
AC_AWS_0369 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
AC_AWS_0370 | Ensure default VPC is not used for AWS VPC | AWS | Security Best Practices | MEDIUM |
AC_AWS_0374 | Ensure data encryption is enabled for AWS X-Ray | AWS | Data Protection | HIGH |
AC_AWS_0375 | Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0376 | Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tables | AWS | Data Protection | HIGH |
AC_AWS_0379 | Ensure all data stored is encrypted in-transit for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0380 | Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0386 | Ensure that inline policy does not expose secrets in AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AWS_0389 | Ensure feature to compress objects automatically is configured for AWS Cloudfront | AWS | Compliance Validation | LOW |
AC_AWS_0412 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with value not following standard CIDR | AWS | Identity and Access Management | LOW |
AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
AC_AWS_0423 | Ensure SSL is enforced for parameter groups associated with AWS Redshift clusters | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0430 | Ensure there are no unnamed AWS EC2 instances | AWS | Compliance Validation | LOW |
AC_AWS_0431 | Ensure cloud users don't have any direct permissions in AWS IAM Policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0434 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0444 | Ensure AWS CloudFormation is used for managing an AWS Account | AWS | Security Best Practices | LOW |
AC_AWS_0445 | Ensure policies are used for AWS CloudFormation Stacks | AWS | Security Best Practices | MEDIUM |
AC_AWS_0453 | Ensure one target group is configured to listen on HTTPS for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
AC_AWS_0456 | Ensure IMDSv1 is disabled for AWS EC2 instances in AWS Launch Configuration | AWS | Infrastructure Security | HIGH |
AC_AWS_0462 | Ensure no policy is attached that may cause privilege escalation for AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0463 | Ensure Transit Encryption is enabled for Amazon Elastic Container Service (ECS) Task Definition using Elastic File System (EFS) Volumes | AWS | Infrastructure Security | MEDIUM |