AC_AZURE_0232 | Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible | Azure | Infrastructure Security | HIGH |
AC_GCP_0013 | Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on' | GCP | Compliance Validation | LOW |
S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AZURE_0574 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0588 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0011 | Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | GCP | Security Best Practices | LOW |
AC_GCP_0018 | Ensure that Alpha clusters are not used for production workloads | GCP | Security Best Practices | LOW |
AC_AWS_0034 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
AC_GCP_0278 | Ensure Oslogin Is Enabled for a Project - google_compute_instance | GCP | Security Best Practices | LOW |
AC_GCP_0312 | Ensure That Cloud DNS Logging Is Enabled for All VPC Networks | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0323 | Ensure Compute Instances Are Launched With Shielded VM Enabled | GCP | Infrastructure Security | LOW |
AC_GCP_0229 | Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | GCP | Data Protection | MEDIUM |
AC_GCP_0230 | Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | GCP | Identity and Access Management | HIGH |
AC_GCP_0252 | Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
AC_GCP_0258 | Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_AWS_0161 | Ensure deletion window for Customer Managed Keys (CMK) is enabled for AWS Key Management Service (KMS) | AWS | Security Best Practices | HIGH |
AC_AZURE_0180 | Ensure load balancer is enabled for Azure Front Door | Azure | Resilience | MEDIUM |
AC_AZURE_0347 | Ensure that automatic failover is enabled for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0242 | Ensure Diagnostic Setting captures appropriate categories | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0333 | Ensure that Activity Log Alert exists for Delete Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0397 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Azure | Infrastructure Security | LOW |
AC_AWS_0033 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
AC_AWS_0080 | Ensure EBS volume encryption is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0079 | Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) | Azure | Data Protection | MEDIUM |
AC_AWS_0230 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_GCP_0040 | Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | Identity and Access Management | HIGH |
AC_AWS_0084 | Ensure public repositories are disabled for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | HIGH |
AC_AZURE_0562 | Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | HIGH |
AC_AZURE_0567 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0568 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_linux_web_app | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0582 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_windows_web_app | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0262 | Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured | GCP | Compliance Validation | LOW |
AC_GCP_0263 | Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges | GCP | Compliance Validation | LOW |
AC_GCP_0273 | Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0279 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0306 | Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0309 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0310 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes | GCP | Logging and Monitoring | MEDIUM |
AC_AWS_0566 | Ensure a log metric filter and alarm exist for AWS Config configuration changes | AWS | Security Best Practices | HIGH |
AC_AWS_0587 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
AC_AWS_0591 | Ensure EBS Volume Encryption is Enabled in all Regions | AWS | Data Protection | HIGH |
AC_AZURE_0025 | Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
AC_AZURE_0060 | Ensure that UDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
AC_AWS_0597 | Ensure MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
AC_AZURE_0573 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0583 | Ensure FTP deployments are Disabled - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0086 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |