AC_AZURE_0298 | Ensure that Azure Data Explorer uses double encryption in Azure Kusto Cluster | Azure | Data Protection | MEDIUM |
AC_AZURE_0318 | Ensure that integer variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0380 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0415 | Ensure that the retention policy is enabled for Azure Network Watcher Flow Log | Azure | Resilience | MEDIUM |
AC_K8S_0110 | Ensure that the Tiller Service (Helm v2) is not deployed for Kubernetes service | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0119 | Ensure protocols are explicitly declared where possible for Istio Services | Kubernetes | Security Best Practices | MEDIUM |
AC_AWS_0230 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_GCP_0040 | Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | Identity and Access Management | HIGH |
AC_GCP_0259 | Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_AWS_0196 | Ensure IAM Policy does not Allow with NotPrincipal | AWS | Identity and Access Management | HIGH |
AC_AWS_0219 | Ensure 'allow get actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0412 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with value not following standard CIDR | AWS | Identity and Access Management | LOW |
AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
AC_AZURE_0114 | Ensure HTTPS is enabled for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0117 | Ensure managed identity is used in Azure Windows Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0123 | Ensure managed identity is used in Azure Linux Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0175 | Ensure Azure RBAC (role-based access control) is used to control access to resources for Azure Function App | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0186 | Ensure that admin user is disabled for Azure Container Registry | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0188 | Ensure end-to-end TLS is enabled to encrypt and securely transmit sensitive data to the backend for Azure Application Gateway | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0405 | Ensure admin auth is properly setup for Azure PostgreSQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0589 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0018 | Ensure that Alpha clusters are not used for production workloads | GCP | Security Best Practices | LOW |
AC_AWS_0597 | Ensure MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
AC_AZURE_0195 | Ensure that custom domains are configured in Azure App Service | Azure | Security Best Practices | LOW |
AC_AZURE_0229 | Ensure internal load balancing is enabled for Azure App Service Environment | Azure | Resilience | MEDIUM |
AC_AZURE_0361 | Ensure overprovisioning is disabled for Azure Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_GCP_0295 | Ensure node metadata is concealed for Google Container Node Pool | GCP | Security Best Practices | LOW |
AC_K8S_0120 | Ensure large virtual services are split into multiple resources for Istio Virtual Services | Kubernetes | Security Best Practices | LOW |
AC_AWS_0017 | Ensure egress filter is set as 'DROP_ALL' for AWS Application Mesh | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0087 | Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0088 | Ensure Amazon Elastic Container Service (ECS) clusters are placed in a VPC | AWS | Infrastructure Security | HIGH |
AC_AWS_0139 | Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AWS_0203 | Ensure Enhanced VPC routing should be enabled for AWS Redshift Clusters | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0225 | Ensure network isolation is enabled for AWS SageMaker | AWS | Security Best Practices | MEDIUM |
AC_AZURE_0105 | Ensure that the attribute 'vulnerable_tls_cipher_suite' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0106 | Ensure that the attribute 'acr_authentication' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0107 | Ensure that the attribute 'baseline' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0145 | Ensure ingestion is not supported over public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0196 | Ensure that IP restrictions rules are configured for Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0252 | Ensure public IP addresses are disabled in Azure Databricks Workspaces | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0263 | Ensure public network access is disabled for Azure Batch Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0300 | Ensure virtual network is used to deploy Azure Container Group | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0309 | Ensure default network access rule is set to deny in Azure Storage Account Network Rules | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0316 | Ensure public network access disabled for Azure CosmosDB Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0321 | Ensure public access is disabled for Azure Managed Disk | Azure | Infrastructure Security | HIGH |
AC_GCP_0242 | Ensure default service account is not used for project access in Google Container Cluster | GCP | Security Best Practices | HIGH |
AC_GCP_0265 | Ensure sharing of service account credentials is restricted using Google Service Account | GCP | Security Best Practices | MEDIUM |
AC_GCP_0302 | Ensure security rule is configured for protection against Apache Log4j2 in Google Compute Security Policy | GCP | Infrastructure Security | HIGH |