AC_AWS_0388 | Ensure field-level encryption is enabled for AWS CloudFront distribution | AWS | Data Protection | MEDIUM |
AC_AWS_0390 | Ensure origin access identity is enabled for AWS CloudFront distributions with S3 origin | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0391 | Ensure 'public IP on launch' is not enabled for AWS Subnets | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0393 | Ensure automated backup using EFS Backup policy is enabled for AWS Elastic File System (EFS) | AWS | Resilience | MEDIUM |
AC_AWS_0396 | Ensure requests greater than 8 KB are blocked by AWS Web Application Firewall | AWS | Security Best Practices | HIGH |
AC_AWS_0401 | Ensure encryption at rest is enabled for AWS Backup Vault | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0402 | Ensure wildcards (*) are not used in IAM policies for AWS Backup Vault Policy | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0413 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0424 | Ensure direct access from the internet is disabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
AC_AWS_0426 | Ensure that initial login requires password reset for AWS IAM Users | AWS | Compliance Validation | HIGH |
AC_AWS_0432 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0435 | Ensure access logging is enabled for AWS LB (Load Balancer) | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0438 | Ensure that there are no orphan in AWS IAM groups | AWS | Compliance Validation | LOW |
AC_AWS_0440 | Ensure deletion protection is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0446 | Ensure Customer Managed Key (CMK) is used to encrypt AWS CodeBuild Project | AWS | Data Protection | MEDIUM |
AC_AWS_0466 | Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repository | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0471 | Ensure correct combination of JSON policy elements is used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0474 | Ensure global condition key is not used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0485 | Ensure there is no policy with an invalid principal format for Amazon Simple Queue Service (SQS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0493 | Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0496 | Ensure IAM Policies were not configured with versions in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0498 | Ensure there is no IAM policy with invalid condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0501 | Ensure Adding a valid base64-encoded string value for the condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0502 | Ensure valid account number format is used in Amazon Simple Notification Service (SNS) Topic | AWS | Security Best Practices | LOW |
AC_AWS_0503 | Ensure valid account number format is used in Amazon Simple Queue Service (SQS) Queue | AWS | Security Best Practices | LOW |
AC_AWS_0511 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0512 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0518 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0522 | Ensure Cassandra Thrift (TCP:9160) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0541 | Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0545 | Ensure environment variables do not contain any credentials in AWS CodeBuild Project | AWS | Data Protection | MEDIUM |
AC_AWS_0549 | Ensure geo-restriction is enabled for AWS CloudFront | AWS | Infrastructure Security | LOW |
AC_AWS_0564 | Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | AWS | Security Best Practices | HIGH |
AC_AWS_0567 | Ensure a log metric filter and alarm exist for security group changes | AWS | Security Best Practices | HIGH |
AC_AWS_0574 | Ensure that Object-level logging for write events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AWS_0577 | Ensure tags are defined for AWS NAT Gateways | AWS | Security Best Practices | LOW |
AC_AWS_0579 | Ensure multiple availability zones are used to deploy AWS NAT Gateways | AWS | Security Best Practices | MEDIUM |
AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
AC_AWS_0607 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_AWS_0610 | Ensure no security groups allow ingress from ::/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0618 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0632 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_AWS_0002 | Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration date | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0003 | Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration date | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0005 | Ensure encryption is enabled for Amazon Machine Image (AMI) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0008 | Ensure stage caching is enabled for AWS API Gateway Method Settings | AWS | Compliance Validation | MEDIUM |
AC_AWS_0011 | Ensure that the endpoint type is set to private for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0020 | Ensure failover criteria is set for AWS CloudFront Distribution | AWS | Resilience | MEDIUM |
AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |