AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0158 | Ensure sufficient data retention period is set for AWS Kinesis Streams | AWS | Resilience | MEDIUM |
AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0139 | Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AWS_0096 | Ensure encryption is enabled for AWS EFS file systems | AWS | Data Protection | HIGH |
AC_AWS_0317 | Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0318 | Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block range | AWS | Infrastructure Security | HIGH |
AC_AWS_0370 | Ensure default VPC is not used for AWS VPC | AWS | Security Best Practices | MEDIUM |
AC_AWS_0509 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0514 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0517 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0528 | Ensure LDAP (UDP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0529 | Ensure LDAP (UDP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0534 | Ensure Memcached SSL (UDP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0544 | Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0515 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0527 | Ensure LDAP (UDP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0533 | Ensure Memcached SSL (UDP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0538 | Ensure Oracle DB (TCP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0542 | Ensure Redis without SSL (TCP:6379) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0270 | Ensure Security Groups do not have unrestricted specific ports open - Oracle Database Server (TCP,1521) | AWS | Infrastructure Security | HIGH |
AC_AWS_0311 | Ensure Cassandra Client (TCP:9042) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0362 | Ensure MongoDB' (TCP,27017) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0511 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0512 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0518 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0522 | Ensure Cassandra Thrift (TCP:9160) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0541 | Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
AC_AWS_0149 | Ensure no user can assume the role without MFA is specified in the condition parameter of AWS IAM User Policy | AWS | Compliance Validation | LOW |
AC_AWS_0217 | Ensure 'allow all actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0157 | Ensure KMS customer managed keys are used for encryption in AWS Kinesis Streams | AWS | Data Protection | HIGH |
AC_AWS_0429 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets | AWS | Data Protection | HIGH |
AC_AWS_0547 | Ensure there is an encrypted connection between AWS CloudFront server and Origin server | AWS | Data Protection | HIGH |
AC_AWS_0171 | Ensure weak ciphers are removed for AWS Elastic Load Balancers (ELB) | AWS | Infrastructure Security | HIGH |
S3_AWS_0001 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_AWS_0172 | Ensure recommended SSL/TLS protocol version is used for AWS Elastic Load Balancers (ELB) | AWS | Infrastructure Security | HIGH |
AC_AWS_0233 | Ensure Cassandra Client (TCP:9042) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0508 | Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0523 | Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0524 | Ensure LDAP (TCP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0526 | Ensure LDAP (TCP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0530 | Ensure Memcached SSL (TCP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0531 | Ensure Memcached SSL (TCP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0532 | Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0536 | Ensure Oracle DB (TCP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0537 | Ensure Oracle DB (TCP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |