AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0161 | Ensure that kubernetes dashboard is disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0174 | Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
AC_AZURE_0262 | Ensure public network access is disabled for Azure Container Registry | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0281 | Ensure latest version of Azure Kubernetes Cluster is in use | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0310 | Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0358 | Ensure use of NSG with Azure Virtual Machine Scale Set | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0361 | Ensure overprovisioning is disabled for Azure Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_GCP_0015 | Ensure Node Auto-Repair is enabled for GKE nodes | GCP | Security Best Practices | LOW |
AC_GCP_0020 | Ensure private cluster is enabled for Google Container Cluster | GCP | Infrastructure Security | HIGH |
AC_GCP_0032 | Ensure Legacy Networks Do Not Exist for Older Projects | GCP | Infrastructure Security | LOW |
AC_GCP_0037 | Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0195 | Ensure that multi-factor authentication is enabled for all non-service accounts | GCP | Identity and Access Management | LOW |
AC_GCP_0282 | Ensure That Compute Instances Do Not Have Public IP Addresses | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0288 | Ensure only selected container registries are allowed through Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
AC_GCP_0295 | Ensure node metadata is concealed for Google Container Node Pool | GCP | Security Best Practices | LOW |
AC_GCP_0296 | Ensure Container-Optimized OS (cos_containerd) is used for GKE node images | GCP | Compliance Validation | LOW |
AC_GCP_0319 | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
AC_K8S_0018 | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0019 | Ensure that the admission control plugin EventRateLimit is set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0023 | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0030 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0033 | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0036 | Ensure that the --service-account-lookup argument is set to true | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0039 | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0040 | Ensure that a Client CA File is Configured | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0042 | Ensure that the --encryption-provider-config argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0051 | Prefer using secrets as files over secrets as environment variables | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0052 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | LOW |
AC_K8S_0060 | Ensure that the --auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0062 | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0063 | Ensure that the --peer-auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0067 | Ensure Kubernetes dashboard is not deployed | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0082 | Minimize the admission of containers wishing to share the host process ID namespace | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0088 | Ensure mounting Docker socket daemon in a container is limited | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0094 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0098 | Ensure CPU limit is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
AC_K8S_0115 | Ensure security context is applied to pods and containers with SELinux configured | Kubernetes | Security Best Practices | MEDIUM |
AC_AWS_0086 | Ensure container insights are enabled for Amazon Elastic Container Service (ECS) clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0089 | Ensure potential DATABASE information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0090 | Ensure SECRET information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0091 | Ensure potential TOKEN information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0092 | Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0101 | Ensure public access is disabled for AWS Elastic Kubernetes Service (EKS) API servers | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0466 | Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repository | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0108 | Ensure public IP addresses are not assigned to Azure Windows Virtual Machines | Azure | Security Best Practices | HIGH |
AC_AZURE_0113 | Ensure backup is enabled using Azure Backup for Azure Linux Virtual Machines | Azure | Security Best Practices | LOW |
AC_AZURE_0265 | Ensure Secrets are not exposed in customData used in Azure Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0290 | Ensure that Azure policies add-on are used for Azure Kubernetes Cluster | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0291 | Ensure that logging to Azure Monitoring is configured for Azure Kubernetes Cluster | Azure | Logging and Monitoring | MEDIUM |