AC_AZURE_0059 | Ensure that HTTP(S) access from the Internet is evaluated and restricted | Azure | Infrastructure Security | LOW |
AC_AZURE_0370 | Ensure that 'Public access level' is disabled for storage accounts with blob containers | Azure | Infrastructure Security | HIGH |
AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_K8S_0021 | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0026 | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0044 | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0053 | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | Identity and Access Management | LOW |
AC_AZURE_0557 | Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
AC_AZURE_0241 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_GCP_0276 | Ensure use of Binary Authorization | GCP | Infrastructure Security | LOW |
AC_GCP_0327 | Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | GCP | Infrastructure Security | LOW |
AC_GCP_0330 | Ensure Essential Contacts is Configured for Organization | GCP | Logging and Monitoring | LOW |
AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_K8S_0032 | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
AC_K8S_0055 | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_GCP_0027 | Ensure Master Authorized Networks is Enabled | GCP | Infrastructure Security | HIGH |
AC_K8S_0059 | Ensure that the --client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_GCP_0271 | Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
AC_AZURE_0412 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0005 | Ensure That Service Account Has No Admin Privileges - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_AZURE_0375 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Compliance Validation | LOW |
AC_K8S_0090 | Ensure that the --basic-auth-file argument is not set | Kubernetes | Identity and Access Management | MEDIUM |
AC_GCP_0025 | Ensure use of VPC-native clusters | GCP | Compliance Validation | HIGH |
AC_GCP_0030 | Ensure Stackdriver Kubernetes Logging and Monitoring is Enabled | GCP | Logging and Monitoring | HIGH |
AC_GCP_0337 | Ensure Cloud Asset Inventory Is Enabled | GCP | Logging and Monitoring | MEDIUM |
AC_K8S_0031 | Ensure that the --audit-log-path argument is set | Kubernetes | Logging and Monitoring | MEDIUM |
AC_AZURE_0212 | Ensure the "Minimum TLS version" is set to "Version 1.2" | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0017 | Ensure Node Auto-Upgrade is enabled for GKE nodes | GCP | Security Best Practices | LOW |
AC_GCP_0297 | Ensure legacy Compute Engine instance metadata APIs are Disabled | GCP | Infrastructure Security | LOW |
AC_GCP_0358 | Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | GCP | Logging and Monitoring | LOW |
AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |
AC_AZURE_0036 | Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key | Azure | Data Protection | MEDIUM |
AC_AZURE_0048 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0136 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0137 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0218 | Ensure that Activity Log Alert exists for Create Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0348 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_GCP_0268 | Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer | GCP | Identity and Access Management | LOW |
AC_GCP_0270 | Ensure the GKE Metadata Server is Enabled | GCP | Security Best Practices | LOW |
AC_GCP_0259 | Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0004 | Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account | GCP | Identity and Access Management | LOW |
AC_GCP_0028 | Ensure Legacy Authorization (ABAC) is Disabled | GCP | Identity and Access Management | HIGH |
AC_GCP_0018 | Ensure that Alpha clusters are not used for production workloads | GCP | Security Best Practices | LOW |
AC_AWS_0565 | Ensure a log metric filter and alarm exist for S3 bucket policy changes | AWS | Security Best Practices | HIGH |
S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AZURE_0021 | Ensure Soft Delete is Enabled for Azure Containers and Blob Storage | Azure | Data Protection | MEDIUM |
AC_AZURE_0061 | Ensure that SSH access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |