AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0021 | Ensure Soft Delete is Enabled for Azure Containers and Blob Storage | Azure | Data Protection | MEDIUM |
AC_AZURE_0061 | Ensure that SSH access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
AC_AZURE_0062 | Ensure that RDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
AC_AZURE_0191 | Ensure Web App is using the latest version of TLS encryption | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0232 | Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible | Azure | Infrastructure Security | HIGH |
AC_AWS_0226 | Ensure secrets should be auto-rotated after not more than 90 days | AWS | Compliance Validation | HIGH |
AC_AWS_0470 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0418 | Ensure that Network Watcher is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
AC_GCP_0038 | Ensure default setting for OSLogin is not overridden by Google Compute Instance | GCP | Identity and Access Management | LOW |
S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0401 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_K8S_0102 | Ensure impersonate access to Kubernetes resources is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
AC_AZURE_0574 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0016 | Ensure container-optimized OS (COS) is used for Google Container Node Pool | GCP | Compliance Validation | LOW |
AC_AWS_0137 | Eliminate use of the root user for administrative and daily tasks | AWS | Compliance Validation | MEDIUM |
AC_AWS_0589 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
AC_GCP_0278 | Ensure Oslogin Is Enabled for a Project - google_compute_instance | GCP | Security Best Practices | LOW |
AC_AWS_0428 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0332 | Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_GCP_0336 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
AC_K8S_0062 | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0063 | Ensure that the --peer-auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_GCP_0229 | Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | GCP | Data Protection | MEDIUM |
AC_GCP_0230 | Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | GCP | Identity and Access Management | HIGH |
AC_GCP_0258 | Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
AC_AWS_0223 | Ensure 'allow getAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0224 | Ensure 'allow putAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
S3_AWS_0013 | Ensure there are no world-writeable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
S3_AWS_0014 | Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_K8S_0054 | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0130 | Ensure that the --profiling argument is set to false | Kubernetes | Compliance Validation | MEDIUM |
AC_AWS_0036 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0230 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0427 | Ensure hardware MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
AC_GCP_0040 | Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | Identity and Access Management | HIGH |
AC_AZURE_0248 | Ensure That 'PHP version' is the Latest, If Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_GCP_0358 | Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | GCP | Logging and Monitoring | LOW |
AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |
S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_GCP_0296 | Ensure Container-Optimized OS (cos_containerd) is used for GKE node images | GCP | Compliance Validation | LOW |
AC_AWS_0097 | Ensure VPC is enabled for AWS Redshift Cluster | AWS | Infrastructure Security | MEDIUM |