AC_AZURE_0311 | Ensure public access is disabled for Azure IoT Hub | Azure | Infrastructure Security | HIGH |
AC_AZURE_0312 | Ensure public network access disabled for Azure Eventgrid Domain | Azure | Infrastructure Security | HIGH |
AC_AZURE_0313 | Ensure that virtual networks are in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0314 | Ensure that Web Application Firewall (WAF) enabled for Azure Front Door | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0316 | Ensure public network access disabled for Azure CosmosDB Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0317 | Ensure that string variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0318 | Ensure that integer variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0319 | Ensure that date-time variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0320 | Ensure that boolean variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0321 | Ensure public access is disabled for Azure Managed Disk | Azure | Infrastructure Security | HIGH |
AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0323 | Ensure that Microsoft Defender for Kubernetes is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0324 | Ensure that Microsoft Defender for Container Registries is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0330 | Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0331 | Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0332 | Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0333 | Ensure that Activity Log Alert exists for Delete Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0334 | Ensure FTP deployments are Disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0335 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0337 | Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0338 | Ensure that Activity Log Alert exists for Delete Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0339 | Ensure that Activity Log Alert exists for Create or Update Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0340 | Ensure that Activity Log alert exists for the Delete Network Security Group Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0341 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0342 | Ensure that RDP access is restricted from the internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0343 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0344 | Ensure that Activity Log Alert exists for Delete Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0345 | Ensure data exfiltration protection is enabled for Azure Synapse Workspace | Azure | Data Protection | MEDIUM |
AC_AZURE_0346 | Ensure provider status is in provisioned state for Azure Express Route Circuit | Azure | Compliance Validation | LOW |
AC_AZURE_0347 | Ensure that automatic failover is enabled for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0348 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0349 | Ensure disk encryption is enabled for Azure Windows Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
AC_AZURE_0350 | Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_AZURE_0351 | Ensure Azure Web Application Firewall Policy is enabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0352 | Ensure communications with known malicious IP addresses are denied via Azure Web Application Firewall Policy | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0353 | Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0355 | Ensure DDoS protection standard is enabled for Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0356 | Ensure every subnet block is configured with a Network Security Group in Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0357 | Ensure that UDP Services are restricted from the Internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0358 | Ensure use of NSG with Azure Virtual Machine Scale Set | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0359 | Ensure automatic OS upgrades are enabled for windows config block in Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0360 | Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |