AC_AWS_0111 | Ensure KMS customer managed keys are used for encryption for AWS Elasticsearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0126 | Ensure permissions are tightly controlled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
AC_AWS_0165 | Ensure environment variables do not use AWS secret keys, access keys, or access tokens for AWS Lambda Functions | AWS | Identity and Access Management | HIGH |
AC_AWS_0216 | Ensure AWS S3 Bucket object ownership is more restrictive | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0138 | Ensure geo-redundant backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
AC_AZURE_0187 | Ensure user IDs are all system managed for Azure Container Group | Azure | Identity and Access Management | LOW |
AC_AZURE_0197 | Ensure custom script extensions are not used in Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0200 | Ensure custom script extensions are not used in Azure Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0407 | Ensure geo-redundant backups are enabled for Azure PostgreSQL Server | Azure | Resilience | MEDIUM |
AC_AZURE_0548 | Ensure disk encryption is enabled for Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0551 | Ensure geo-redundant backups are enabled for Azure MySQL Flexible Server | Azure | Data Protection | HIGH |
AC_AWS_0200 | Ensure audit logging feature is enabled for AWS Redshift clusters | AWS | Logging and Monitoring | LOW |
AC_AWS_0205 | Ensure record sets are configured for AWS Route53HostedZones | AWS | Logging and Monitoring | HIGH |
AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0148 | Ensure that every AWS account has a minimum password length policy for AWS IAM User Login Profile | AWS | Compliance Validation | HIGH |
AC_AWS_0158 | Ensure sufficient data retention period is set for AWS Kinesis Streams | AWS | Resilience | MEDIUM |
AC_GCP_0269 | Ensure that 'always allow' evaluation mode is restricted for Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
AC_GCP_0292 | Ensure that SSH access is restricted from the internet | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0293 | Ensure that SSH access is restricted from the internet | GCP | Infrastructure Security | LOW |
AC_K8S_0068 | Ensure image tag is set in Kubernetes workload configuration | Kubernetes | Security Best Practices | LOW |
AC_AWS_0147 | Ensure full administrative privileges are not created and are attached to a role using AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0218 | Ensure 'allow delete actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0411 | Ensure there is no IAM policy with empty SID value | AWS | Identity and Access Management | LOW |
AC_AWS_0416 | Ensure there is no IAM policy with a condition element having ForAnyValue Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0421 | Ensure there is no IAM policy with empty array resource | AWS | Identity and Access Management | LOW |
AC_AZURE_0301 | Ensure that key vault is used to encrypt data for Azure Batch Account | Azure | Data Protection | MEDIUM |
AC_AWS_0068 | Ensure public access is disabled for AWS Database Migration Service (DMS) instances | AWS | Data Protection | HIGH |
AC_AWS_0085 | Ensure permissions are tightly controlled for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | HIGH |
AC_AWS_0099 | Ensure there are no public file systems for AWS Elastic File System (EFS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0437 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshots | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0093 | Ensure public access is disabled for Azure IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0094 | Ensure shared access policies are not used for IoT Hub | Azure | Infrastructure Security | HIGH |
AC_AZURE_0097 | Ensure that the Microsoft Defender for IoT Hub is enabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0103 | Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0135 | Ensure public access is disabled for Azure MSSQL Server | Azure | Infrastructure Security | HIGH |