AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
AC_K8S_0047 | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0058 | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0109 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0248 | Ensure That 'PHP version' is the Latest, If Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
S3_AWS_0010 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
AC_K8S_0051 | Prefer using secrets as files over secrets as environment variables | Kubernetes | Infrastructure Security | HIGH |
AC_AWS_0596 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
AC_AZURE_0323 | Ensure that Microsoft Defender for Kubernetes is set to 'On' | Azure | Data Protection | MEDIUM |
AC_K8S_0029 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0035 | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0092 | Ensure that the --kubelet-https argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0028 | Ensure that the --insecure-port argument is set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AWS_0434 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
AC_GCP_0367 | Ensure API Keys Are Rotated Every 90 Days | GCP | Security Best Practices | MEDIUM |
AC_K8S_0091 | Ensure that the --token-auth-file parameter is not set | Kubernetes | Identity and Access Management | MEDIUM |
AC_GCP_0231 | Enable VPC Flow Logs and Intranode Visibility | GCP | Infrastructure Security | MEDIUM |
AC_K8S_0010 | Ensure that the --read-only-port is disabled | Kubernetes | Identity and Access Management | LOW |
AC_AZURE_0040 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0053 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Infrastructure Security | HIGH |
AC_AWS_0606 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
AC_GCP_0024 | Ensure authentication using Client Certificates is Disabled | GCP | Identity and Access Management | MEDIUM |
AC_GCP_0315 | Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on' | GCP | Compliance Validation | LOW |
AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0039 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0045 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0347 | Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging | GCP | Compliance Validation | LOW |
AC_K8S_0094 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0038 | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0041 | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0008 | Ensure that a Client CA File is Configured | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0046 | Minimize the admission of privileged containers | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0104 | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | Identity and Access Management | HIGH |
AC_GCP_0300 | Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning' | GCP | Compliance Validation | LOW |
AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
AC_K8S_0005 | Ensure that the Anonymous Auth is Not Enabled | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0009 | Ensure that the --rotate-certificates argument is not present or is set to true | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0040 | Ensure that a Client CA File is Configured | Kubernetes | Data Protection | MEDIUM |
AC_AWS_0552 | Ensure MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
AC_AZURE_0047 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0066 | Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0339 | Ensure that Activity Log Alert exists for Create or Update Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0344 | Ensure that Activity Log Alert exists for Delete Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0562 | Ensure a log metric filter and alarm exist for CloudTrail configuration changes | AWS | Security Best Practices | HIGH |
AC_AWS_0575 | Ensure that Object-level logging for read events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AWS_0598 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |