| AC_AWS_0146 | Ensure IAM policies that allow full administrative privileges are not created and attached inline to a role | AWS | Identity and Access Management | HIGH |
| AC_AWS_0195 | Ensure policy with iam:Passrole/* action and NotResource attributes is not used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0213 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached with control tower | AWS | Identity and Access Management | LOW |
| AC_AWS_0220 | Ensure 'allow list actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0222 | Ensure 'allow put or restore actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0415 | Ensure there is no IAM policy with a condition element having ForAllValues Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0419 | Ensure no wildcards are used in resource ARN for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AZURE_0118 | Ensure latest TLS version is in use for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0176 | Ensure managed identity is used in Azure Function App | Azure | Identity and Access Management | LOW |
| AC_AZURE_0364 | Ensure that the latest OS patches for Azure Virtual Machine | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0411 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
| AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0221 | Ensure 'allow put actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0413 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
| AC_AZURE_0161 | Ensure that kubernetes dashboard is disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0177 | Ensure latest TLS version is in use for Azure Function App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0178 | Ensure HTTPS is enabled for Azure Function App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0249 | Ensure that '.Net Framework' version is the latest in Azure App Service | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0388 | Ensure guest users are disabled for Azure Role Assignment | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0400 | Ensure TLS connection is enabled for Azure PostgreSQL Server | Azure | Infrastructure Security | MEDIUM |
| AC_AWS_0151 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
| AC_AWS_0585 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0001 | Ensure AWS ACM only has certificates with single domain names, and none with wildcard domain names | AWS | Compliance Validation | LOW |
| AC_AWS_0083 | Ensure scan on push is enabled on Amazon Elastic Container Registry (Amazon ECR) repository | AWS | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AWS_0118 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0149 | Ensure no user can assume the role without MFA is specified in the condition parameter of AWS IAM User Policy | AWS | Compliance Validation | LOW |
| AC_AWS_0217 | Ensure 'allow all actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0100 | Ensure that the attribute 'ip_filter_deny_all' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0149 | Ensure anti-malware protection is enabled with real time protection for Azure Linux Virtual Machine Scale Set | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0204 | Ensure Synapse Workspace is not accessible to public via Azure Synapse Firewall Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0207 | Ensure cross account access is disabled for Azure Redis Cache | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0254 | Ensure public network access is disabled for Azure Cognitive Account | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0258 | Ensure default connection policy is not in use for Azure SQL Server | Azure | Compliance Validation | LOW |
| AC_AZURE_0266 | Ensure managed virtual networks are in use for Azure Synapse Workspace | Azure | Infrastructure Security | LOW |
| AC_AZURE_0307 | Ensure public access is disabled for Azure Search Service | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0313 | Ensure that virtual networks are in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0335 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
| AC_GCP_0284 | Ensure datastore storage resource does not have access policy set to 'Public' for Google App Engine Application | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0286 | Ensure compatibility firestore storage resource does not have access policy set to 'Public' for Google App Engine Application | GCP | Infrastructure Security | MEDIUM |
| AC_K8S_0121 | Ensure default-deny patterns are defined for Istio Authorization Policy | Kubernetes | Infrastructure Security | HIGH |
| AC_AWS_0032 | Ensure a web application firewall is enabled for AWS CloudFront distribution | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0078 | Ensure customer managed keys (CMK) are used for server side encryption (SSE) of AWS DyanamoDB tables | AWS | Data Protection | MEDIUM |
| AC_AWS_0101 | Ensure public access is disabled for AWS Elastic Kubernetes Service (EKS) API servers | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0106 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain | AWS | Identity and Access Management | HIGH |
| AC_AWS_0232 | Ensure insecure SSL protocols are not configured for AWS CloudFront origin | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0384 | Ensure data encryption is enabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
| AC_AWS_0391 | Ensure 'public IP on launch' is not enabled for AWS Subnets | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0396 | Ensure requests greater than 8 KB are blocked by AWS Web Application Firewall | AWS | Security Best Practices | HIGH |
| AC_AWS_0424 | Ensure direct access from the internet is disabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
| AC_AWS_0438 | Ensure that there are no orphan in AWS IAM groups | AWS | Compliance Validation | LOW |
