AC_AWS_0497 | Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0550 | Ensure actions '*' and resource '*' are not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AZURE_0157 | Ensure that pod security policy is enabled for Azure Kubernetes Cluster | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0278 | Ensure HTTP is disallowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0375 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Compliance Validation | LOW |
AC_GCP_0025 | Ensure use of VPC-native clusters | GCP | Compliance Validation | HIGH |
AC_GCP_0030 | Ensure Stackdriver Kubernetes Logging and Monitoring is Enabled | GCP | Logging and Monitoring | HIGH |
AC_GCP_0337 | Ensure Cloud Asset Inventory Is Enabled | GCP | Logging and Monitoring | MEDIUM |
AC_K8S_0090 | Ensure that the --basic-auth-file argument is not set | Kubernetes | Identity and Access Management | MEDIUM |
AC_AZURE_0574 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0588 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0011 | Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | GCP | Security Best Practices | LOW |
AC_AWS_0034 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
AC_GCP_0278 | Ensure Oslogin Is Enabled for a Project - google_compute_instance | GCP | Security Best Practices | LOW |
AC_GCP_0312 | Ensure That Cloud DNS Logging Is Enabled for All VPC Networks | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0323 | Ensure Compute Instances Are Launched With Shielded VM Enabled | GCP | Infrastructure Security | LOW |
AC_AWS_0386 | Ensure that inline policy does not expose secrets in AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AZURE_0214 | Ensure Azure Keyvaults are used to store secrets | Azure | Data Protection | LOW |
AC_AZURE_0356 | Ensure every subnet block is configured with a Network Security Group in Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0385 | Ensure that standard pricing tiers are selected in Azure Security Center Subscription Pricing | Azure | Security Best Practices | MEDIUM |
AC_GCP_0233 | Ensure logging is enabled for Google Cloud Storage Buckets | GCP | Logging and Monitoring | LOW |
AC_GCP_0229 | Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | GCP | Data Protection | MEDIUM |
AC_GCP_0230 | Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | GCP | Identity and Access Management | HIGH |
AC_GCP_0252 | Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
AC_GCP_0258 | Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0358 | Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | GCP | Logging and Monitoring | LOW |
AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |
AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0075 | Ensure deletion protection is enabled for AWS DocumentDB Clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0117 | Ensure latest TLS version is used for AWS ElasticSearch Nodes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0154 | Ensure IMDSv1 is disabled for AWS EC2 instances | AWS | Infrastructure Security | HIGH |
AC_AWS_0367 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway Volumes | AWS | Security Best Practices | HIGH |
AC_AWS_0375 | Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0376 | Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tables | AWS | Data Protection | HIGH |
AC_AWS_0379 | Ensure all data stored is encrypted in-transit for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0380 | Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0423 | Ensure SSL is enforced for parameter groups associated with AWS Redshift clusters | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0463 | Ensure Transit Encryption is enabled for Amazon Elastic Container Service (ECS) Task Definition using Elastic File System (EFS) Volumes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0576 | Ensure private subnets are not used to deploy AWS NAT Gateways | AWS | Data Protection | HIGH |
AC_AZURE_0095 | Ensure TLS 1.2 or greater is used for IoT Hub | Azure | Infrastructure Security | HIGH |
AC_AZURE_0151 | Ensure LinuxDiagnostic is enabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0168 | Ensure access level is set to 'Read' for Azure Managed Disk SAS Token | Azure | Data Protection | MEDIUM |
AC_AZURE_0173 | Ensure 'ReadOnly' cache is enabled on Data disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
AC_AZURE_0220 | Ensure Customer Managed Key (CMK) is configured for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0228 | Ensure that customer managed key is used for encryption for Azure Container Registry | Azure | Data Protection | MEDIUM |
AC_AZURE_0288 | Ensure password authentication is disabled for Azure Linux Virtual Machine | Azure | Security Best Practices | MEDIUM |