AC_AZURE_0308 | Ensure public access is disabled for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0353 | Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0374 | Ensure a firewall is attached to Azure SQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0383 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0248 | Ensure default service account is not used at organization level for Google Cloud | GCP | Identity and Access Management | HIGH |
AC_K8S_0049 | Ensure ALLOW-with-positive-matching exist for Istio Authorization Object | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0118 | Ensure overly broad host configuration is not allowed for Istio Gateway | Kubernetes | Infrastructure Security | HIGH |
AC_AWS_0097 | Ensure VPC is enabled for AWS Redshift Cluster | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0123 | Ensure access logging is enabled for AWS ELB | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0164 | Ensure VPC access is enabled for AWS Lambda Functions | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0392 | Ensure public IP address is not used AWS EC2 instances | AWS | Infrastructure Security | HIGH |
AC_AWS_0399 | Ensure public IP address is not assigned to Amazon Elastic Container Service (ECS) | AWS | Infrastructure Security | HIGH |
AC_AWS_0578 | Ensure AWS NAT Gateways are used instead of default routes for AWS Route Table | AWS | Data Protection | HIGH |
AC_AZURE_0092 | Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | HIGH |
AC_AZURE_0098 | Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0101 | Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to false | Azure | Infrastructure Security | HIGH |
AC_AZURE_0102 | Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0109 | Ensure public IP addresses are not assigned to Azure Linux Virtual Machines | Azure | Security Best Practices | HIGH |
AC_AZURE_0206 | Ensure cross account access is disabled for Azure SQL Firewall Rule | Azure | Identity and Access Management | MEDIUM |
AC_AWS_0036 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0039 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0045 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0347 | Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging | GCP | Compliance Validation | LOW |
AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
AC_AWS_0597 | Ensure MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
AC_AZURE_0272 | Ensure CIFS / SMB (TCP:3020) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0276 | Ensure Cassandra OpsCenter (TCP:61621) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0287 | Ensure SSH (TCP:22) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0351 | Ensure Azure Web Application Firewall Policy is enabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0381 | Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0391 | Ensure that firewall rules does not allow unrestricted access to Azure Redis Cache from other Azure sources | Azure | Infrastructure Security | HIGH |
AC_AZURE_0423 | Ensure VNC Server (TCP:5900) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0435 | Ensure SaltStack Master (TCP:4505) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0451 | Ensure Puppet Master (TCP:8140) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0456 | Ensure PostgreSQL (Udp:5432) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0458 | Ensure PostgreSQL (TCP:5432) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0463 | Ensure POP3 (TCP:110) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0464 | Ensure Oracle DB SSL (Udp:2484) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0467 | Ensure Oracle DB SSL (TCP:2484) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0475 | Ensure NetBIOS Session Service (TCP:139) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0485 | Ensure NetBIOS Name Service (TCP:137) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0499 | Ensure Memcached SSL (Udp:11215) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0501 | Ensure Memcached SSL (Udp:11214) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0503 | Ensure Memcached SSL (TCP:11215) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0504 | Ensure Memcached SSL (TCP:11215) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0509 | Ensure MSSQL Server (TCP:1433) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0512 | Ensure MSSQL Debugger (TCP:135) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |