AC_AWS_0101 | Ensure public access is disabled for AWS Elastic Kubernetes Service (EKS) API servers | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0102 | Ensure Redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
AC_AWS_0103 | Ensure Memcached ElastiCache engines are not in use in AWS PCI-DSS environments for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
AC_AWS_0104 | Ensure multi-az is configured for AWS ElastiCache Clusters | AWS | Resilience | MEDIUM |
AC_AWS_0105 | Ensure slow logs (index slow logs) are enabled for AWS ElasticSearch Domain | AWS | Compliance Validation | MEDIUM |
AC_AWS_0106 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain | AWS | Identity and Access Management | HIGH |
AC_AWS_0107 | Ensure dedicated master nodes are enabled for AWS ElasticSearch Domains | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0108 | Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains | AWS | Compliance Validation | HIGH |
AC_AWS_0109 | Ensure latest version of elasticsearch engine is used for AWS ElasticSearch Domains | AWS | Compliance Validation | MEDIUM |
AC_AWS_0110 | Ensure ElasticSearch Zone Awareness is enabled | AWS | Resilience | MEDIUM |
AC_AWS_0111 | Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
AC_AWS_0113 | Ensure Amazon Cognito authentication is enabled for AWS ElasticSearch Domain | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0115 | Ensure HTTPS-only is enforced for AWS ElasticSearch Domain | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0116 | Ensure advanced security options are enabled for AWS ElasticSearch Domain | AWS | Infrastructure Security | HIGH |
AC_AWS_0117 | Ensure latest TLS version is used for AWS ElasticSearch Nodes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0118 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0119 | Ensure permissions are tightly controlled for AWS ElasticSearch Domains | AWS | Identity and Access Management | HIGH |
AC_AWS_0120 | Ensure AWS ELB has one listener configured to listen for HTTPS traffic | AWS | Infrastructure Security | LOW |
AC_AWS_0121 | Ensure cross zone load balancing is enabled for AWS ELB | AWS | Resilience | MEDIUM |
AC_AWS_0122 | Ensure connection draining is enabled for AWS ELB | AWS | Resilience | MEDIUM |
AC_AWS_0123 | Ensure access logging is enabled for AWS ELB | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0124 | Ensure termination protection is enabled for AWS EMR clusters | AWS | Resilience | MEDIUM |
AC_AWS_0125 | Ensure public access is disabled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0126 | Ensure permissions are tightly controlled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0127 | Ensure flow logs are enabled for AWS Global Accelerator | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0130 | Ensure 'Job Bookmark Encryption' is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0131 | Ensure intelligent threat detection is enabled for all regions via AWS GuardDuty Detector | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0132 | Ensure no root user account access key exists | AWS | Identity and Access Management | HIGH |
AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0134 | Ensure password policy requires at least one lowercase character for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AWS_0135 | Ensure IAM password policy requires at least one uppercase letter | AWS | Compliance Validation | MEDIUM |
AC_AWS_0136 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
AC_AWS_0137 | Eliminate use of the root user for administrative and daily tasks | AWS | Compliance Validation | MEDIUM |
AC_AWS_0138 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
AC_AWS_0139 | Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AWS_0140 | Ensure IAM password policy prevents password reuse | AWS | Compliance Validation | LOW |
AC_AWS_0141 | Ensure password policy requires minimal length of 7 for AWS IAM Account Password Policy | AWS | Compliance Validation | MEDIUM |
AC_AWS_0142 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
AC_AWS_0144 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached | AWS | Identity and Access Management | HIGH |
AC_AWS_0145 | Ensure that full access to edit IAM Policies is restricted | AWS | Identity and Access Management | HIGH |
AC_AWS_0146 | Ensure IAM policies that allow full administrative privileges are not created and attached inline to a role | AWS | Identity and Access Management | HIGH |
AC_AWS_0147 | Ensure full administrative privileges are not created and are attached to a role using AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0148 | Ensure that every AWS account has a minimum password length policy for AWS IAM User Login Profile | AWS | Compliance Validation | HIGH |
AC_AWS_0149 | Ensure no user can assume the role without MFA is specified in the condition parameter of AWS IAM User Policy | AWS | Compliance Validation | LOW |
AC_AWS_0150 | Ensure a log metric filter and alarm exist for AWS NAT Gateways | AWS | Security Best Practices | HIGH |
AC_AWS_0151 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |