AC_K8S_0109 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0112 | Ensure the use of externalIPs is restricted for Kubernetes service | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0114 | Ensure the use of selector is enforced for Kubernetes Ingress or LoadBalancer service | Kubernetes | Infrastructure Security | LOW |
AC_K8S_0110 | Ensure that the Tiller Service (Helm v2) is not deployed for Kubernetes service | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0111 | Ensure for exposing Kubernetes workload to the internet, NodePort service is not used | Kubernetes | Infrastructure Security | LOW |
AC_AWS_0070 | Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instances | AWS | Security Best Practices | MEDIUM |
AC_AWS_0109 | Ensure latest version of elasticsearch engine is used for AWS ElasticSearch Domains | AWS | Compliance Validation | MEDIUM |
AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AZURE_0190 | Ensure auto renew of certificates is turned off for Azure App Service Certificate Order | Azure | Infrastructure Security | LOW |
AC_AZURE_0192 | Ensure auditing and monitoring is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0194 | Ensure that Register with Azure Active Directory is enabled on App Service | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0569 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_app | Azure | Security Best Practices | MEDIUM |
AC_AWS_0068 | Ensure public access is disabled for AWS Database Migration Service (DMS) instances | AWS | Data Protection | HIGH |
AC_AWS_0110 | Ensure ElasticSearch Zone Awareness is enabled | AWS | Resilience | MEDIUM |
AC_AWS_0111 | Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0116 | Ensure advanced security options are enabled for AWS ElasticSearch Domain | AWS | Infrastructure Security | HIGH |
AC_AZURE_0191 | Ensure Web App is using the latest version of TLS encryption | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0193 | Ensure web sockets are disabled for Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0539 | Ensure 'always_on' feature is enabled for Azure App Service | Azure | Resilience | MEDIUM |
AC_AZURE_0574 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0243 | Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0296 | Ensure that failed request tracing is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0307 | Ensure public access is disabled for Azure Search Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0335 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0538 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0568 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_linux_web_app | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0573 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0582 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_windows_web_app | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0583 | Ensure FTP deployments are Disabled - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0107 | Ensure dedicated master nodes are enabled for AWS ElasticSearch Domains | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0108 | Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains | AWS | Compliance Validation | HIGH |
AC_AWS_0115 | Ensure HTTPS-only is enforced for AWS ElasticSearch Domain | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0118 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policy | AWS | Identity and Access Management | HIGH |
AC_AZURE_0086 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0105 | Ensure slow logs (index slow logs) are enabled for AWS ElasticSearch Domain | AWS | Compliance Validation | MEDIUM |
AC_AWS_0117 | Ensure latest TLS version is used for AWS ElasticSearch Nodes | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0196 | Ensure that IP restrictions rules are configured for Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0220 | Ensure Customer Managed Key (CMK) is configured for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0221 | Ensure CORS is configured to allow only trusted clients for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0248 | Ensure That 'PHP version' is the Latest, If Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0297 | Ensure that Azure Files are used for Azure App Service | Azure | Resilience | MEDIUM |
AC_AZURE_0571 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0572 | Ensure Web App is using the latest version of TLS encryption - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0575 | Ensure Web App is using the latest version of TLS encryption - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0577 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |