AC_AWS_0218 | Ensure 'allow delete actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
AC_AWS_0385 | Ensure public access is disabled for Amazon Simple Notification Service (SNS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0411 | Ensure there is no IAM policy with empty SID value | AWS | Identity and Access Management | LOW |
AC_AWS_0416 | Ensure there is no IAM policy with a condition element having ForAnyValue Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0421 | Ensure there is no IAM policy with empty array resource | AWS | Identity and Access Management | LOW |
AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0475 | Ensure redundant resources are not used for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
AC_AWS_0491 | Ensure the CloudTrail-created SNS policy has a condition element using either the aws:SourceArn or aws:SourceAccount condition key for the Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0554 | Ensure there is only one active access key available for any single IAM user | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0187 | Ensure user IDs are all system managed for Azure Container Group | Azure | Identity and Access Management | LOW |
AC_AZURE_0205 | Ensure cross account access is disabled for Azure SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0237 | Ensure that the VA setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0366 | Ensure that 'Public access level' is set to Private for blob containers | Azure | Identity and Access Management | HIGH |
AC_GCP_0004 | Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account | GCP | Identity and Access Management | LOW |
AC_GCP_0005 | Ensure That Service Account Has No Admin Privileges - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0006 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0008 | Ensure that corporate login credentials are used | GCP | Identity and Access Management | LOW |
AC_GCP_0028 | Ensure Legacy Authorization (ABAC) is Disabled | GCP | Identity and Access Management | HIGH |
AC_GCP_0040 | Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | Identity and Access Management | HIGH |
AC_GCP_0230 | Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | GCP | Identity and Access Management | HIGH |
AC_GCP_0245 | Ensure IAM roles do not impersonate or manage service accounts through Google Folder IAM Binding | GCP | Identity and Access Management | LOW |
AC_GCP_0268 | Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer | GCP | Identity and Access Management | LOW |
AC_K8S_0007 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0073 | Ensure AppArmor profile is not set to runtime/default in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0077 | Ensure 'procMount' is set to default in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0081 | Ensure only allowed volume types are mounted for all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0087 | Minimize the admission of root containers | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0103 | Minimize access to create pods | Kubernetes | Identity and Access Management | HIGH |
S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0084 | Ensure public repositories are disabled for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | HIGH |
AC_AWS_0087 | Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0145 | Ensure that full access to edit IAM Policies is restricted | AWS | Identity and Access Management | HIGH |
AC_AWS_0196 | Ensure IAM Policy does not Allow with NotPrincipal | AWS | Identity and Access Management | HIGH |
AC_AWS_0215 | Ensure bucket policy is enforced with least privileges for all AWS S3 buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0219 | Ensure 'allow get actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0412 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with value not following standard CIDR | AWS | Identity and Access Management | LOW |
AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
AC_AWS_0431 | Ensure cloud users don't have any direct permissions in AWS IAM Policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0462 | Ensure no policy is attached that may cause privilege escalation for AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0473 | Ensure principal element is not empty in AWS IAM Trust Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0480 | Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |