AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0277 | Ensure tags are associated with Azure CosmosDB Account | Azure | Compliance Validation | LOW |
AC_AZURE_0289 | Ensure HTTP application routing has been disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | HIGH |
AC_AZURE_0296 | Ensure that failed request tracing is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0540 | Ensure `force_password_change` is set to true for AzureAD User | Azure | Identity and Access Management | HIGH |
AC_GCP_0029 | Ensure stackdriver monitoring is enabled on Google Container Cluster | GCP | Logging and Monitoring | HIGH |
AC_K8S_0074 | Ensure kernel and system level calls are not configured in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_AZURE_0212 | Ensure the "Minimum TLS version" is set to "Version 1.2" | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0017 | Ensure Node Auto-Upgrade is enabled for GKE nodes | GCP | Security Best Practices | LOW |
AC_GCP_0297 | Ensure legacy Compute Engine instance metadata APIs are Disabled | GCP | Infrastructure Security | LOW |
AC_K8S_0031 | Ensure that the --audit-log-path argument is set | Kubernetes | Logging and Monitoring | MEDIUM |
AC_AZURE_0119 | Ensure CORS is tightly controlled and managed for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0129 | Ensure 'email account admins' is enabled for Azure MySQL Database Threat Detection Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0368 | Ensure CORS rules are set according to organization's policy for Azure Storage Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0382 | Ensure SQL Server audit with selected event types is enabled and has retention period of minimum 365 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0012 | Ensure a key rotation mechanism within a 365 day period is implemented for Google KMS Crypto Key | GCP | Security Best Practices | LOW |
AC_GCP_0026 | Ensure network policy is enabled on Google Container Cluster | GCP | Infrastructure Security | HIGH |
AC_AZURE_0036 | Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key | Azure | Data Protection | MEDIUM |
AC_AZURE_0048 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0136 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0137 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0218 | Ensure that Activity Log Alert exists for Create Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0348 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_GCP_0268 | Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer | GCP | Identity and Access Management | LOW |
AC_GCP_0270 | Ensure the GKE Metadata Server is Enabled | GCP | Security Best Practices | LOW |
AC_AWS_0009 | Ensure stage cache have encryption enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0039 | Ensure data events logging is enabled for AWS CloudTrail trails | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0060 | Ensure that Multi-AZ is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0072 | Ensure backup retention period is set according to best practice for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0173 | Ensure a default root object is configured for AWS Cloudfront Distribution | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0383 | Ensure AWS Redshift database clusters are not using 'awsuser' (default master user name) for database access | AWS | Compliance Validation | MEDIUM |
AC_AWS_0403 | Ensure that an API key is required on a method request for AWS API Gateway Method | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0408 | Ensure Effect is set to 'Deny' if NotAction is used in AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0409 | Ensure Effect is set to 'Deny' if Condition is used in AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0464 | Ensure database retention is enabled for Amazon Relational Database Service (Amazon RDS) cluster | AWS | Resilience | MEDIUM |
AC_AWS_0472 | Ensure only uppercase letters, lowercase letters and numbers are used in Sid element in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0477 | Ensure there is no IAM policy with invalid global condition keys | AWS | Identity and Access Management | LOW |
AC_AWS_0481 | Ensure there is no policy with invalid principal format for AWS S3 Bucket policy | AWS | Identity and Access Management | LOW |
AC_AWS_0487 | Ensure there is no IAM policy with multiple condition boolean values | AWS | Identity and Access Management | LOW |
AC_AWS_0499 | Ensure that IAM policy does not exceed the identity policy quota for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0500 | Ensure condition value does not use wildcards (* and ?) without like operator | AWS | Identity and Access Management | LOW |
AC_AWS_0507 | Ensure Adding Add a valid numeric value for the condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0551 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Queue Service (SQS) Queue | AWS | Identity and Access Management | LOW |
AC_AWS_0580 | Ensure there is no policy with invalid action for Amazon Elastic Container Registry (ECR) Public repository policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0581 | Ensure Full Access (AmazonElasticContainerRegistryPublicFullAccess) is not applied to Amazon Elastic Container Registry (ECR) Public repository | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0616 | Ensure Code Signing is enabled for AWS Lambda functions | AWS | Data Protection | HIGH |
AC_AWS_0628 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0110 | Ensure backup is enabled using Azure Backup for Azure Windows Virtual Machines | Azure | Security Best Practices | LOW |
AC_AZURE_0120 | Ensure that authentication feature is enabled for Azure Windows Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0152 | Ensure disk encryption is enabled for Azure Linux Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |