AC_AWS_0115 | Ensure HTTPS-only is enforced for AWS ElasticSearch Domain | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0182 | Ensure storage encryption is enabled for AWS Neptune cluster | AWS | Data Protection | HIGH |
AC_AWS_0371 | Ensure user volumes are encrypted for the AWS Workspaces | AWS | Data Protection | MEDIUM |
AC_AWS_0461 | Ensure AWS ECR Repository uses KMS for server-side encryption | AWS | Data Protection | MEDIUM |
AC_AZURE_0096 | Ensure IP addresses are masked in the logs for IoT Hub | Azure | Infrastructure Security | LOW |
AC_AZURE_0208 | Ensure that Active Azure Service Fabric clusters are automatically upgraded to latest version | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0209 | Ensure that Active Azure Service Fabric clusters are not using CVE-2022-30137 vulnerable cluster version(8.2.1124.1) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0304 | Ensure extensions are not installed on Azure Windows Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0379 | Ensure data encryption is enabled for Azure Synapse SQL Pool | Azure | Data Protection | MEDIUM |
AC_AZURE_0398 | Ensure infrastructure encryption for Azure PostgreSQL Server is enabled | Azure | Infrastructure Security | MEDIUM |
AC_K8S_0002 | Ensure HTTPS is enabled on Kubernetes Ingress resource | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0020 | Ensure kube-controller-manager (affected versions of kube-controller-manager: v1.18.0, v1.17.0 - v1.17.4, v1.16.0 - v1.16.8, and v1.15.11) are not vulnerable to CVE-2020-8555 | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0071 | Ensure that the Tiller Service (Helm v2) is not deployed for Kubernetes workloads | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0125 | Ensure kernel level call configurations are not vulnerable to CVE-2022-0811 in all Kubernetes workloads | Kubernetes | Identity and Access Management | HIGH |
AC_AWS_0565 | Ensure a log metric filter and alarm exist for S3 bucket policy changes | AWS | Security Best Practices | HIGH |
S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AZURE_0021 | Ensure Soft Delete is Enabled for Azure Containers and Blob Storage | Azure | Data Protection | MEDIUM |
AC_AZURE_0061 | Ensure that SSH access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
AC_AZURE_0062 | Ensure that RDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
AC_AZURE_0191 | Ensure Web App is using the latest version of TLS encryption | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0232 | Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible | Azure | Infrastructure Security | HIGH |
AC_GCP_0013 | Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on' | GCP | Compliance Validation | LOW |
AC_AWS_0204 | Ensure CloudWatch logging is enabled for AWS Route53 hosted zones | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0387 | Ensure that access policy does not allow anonymous access for AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AZURE_0279 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
AC_AWS_0028 | Ensure IAM policies with wildcard (*) resource and NotAction are not attached or used | AWS | Identity and Access Management | HIGH |
AC_AWS_0146 | Ensure IAM policies that allow full administrative privileges are not created and attached inline to a role | AWS | Identity and Access Management | HIGH |
AC_AWS_0195 | Ensure policy with iam:Passrole/* action and NotResource attributes is not used | AWS | Identity and Access Management | HIGH |
AC_AWS_0213 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached with control tower | AWS | Identity and Access Management | LOW |
AC_AWS_0220 | Ensure 'allow list actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0222 | Ensure 'allow put or restore actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0415 | Ensure there is no IAM policy with a condition element having ForAllValues Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0419 | Ensure no wildcards are used in resource ARN for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AZURE_0118 | Ensure latest TLS version is in use for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0176 | Ensure managed identity is used in Azure Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0364 | Ensure that the latest OS patches for Azure Virtual Machine | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0411 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0574 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0588 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0011 | Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | GCP | Security Best Practices | LOW |
AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0052 | Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0071 | Ensure encryption at rest is enabled for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0079 | Ensure default encryption is enabled for AWS EBS Volumes | AWS | Data Protection | HIGH |
AC_AWS_0125 | Ensure public access is disabled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0179 | Ensure auto minor version upgrade is enabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
AC_AWS_0180 | Ensure inter-cluster encryption is enabled for AWS MSK cluster | AWS | Data Protection | HIGH |
AC_AWS_0181 | Ensure that TLS-Only communication should be allowed between AWS MSK client and broker | AWS | Infrastructure Security | HIGH |