AC_GCP_0288 | Ensure only selected container registries are allowed through Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
AC_GCP_0295 | Ensure node metadata is concealed for Google Container Node Pool | GCP | Security Best Practices | LOW |
AC_GCP_0366 | Ensure API Keys Are Restricted to Only APIs That Application Needs Access | GCP | Security Best Practices | MEDIUM |
AC_K8S_0013 | Ensure an owner key with proper label is set for Kubernetes namespace | Kubernetes | Security Best Practices | LOW |
AC_K8S_0098 | Ensure CPU limit is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
AC_K8S_0115 | Ensure security context is applied to pods and containers with SELinux configured | Kubernetes | Security Best Practices | MEDIUM |
AC_K8S_0120 | Ensure large virtual services are split into multiple resources for Istio Virtual Services | Kubernetes | Security Best Practices | LOW |
AC_AWS_0030 | Ensure valid account number format is used in AWS IAM Policy | AWS | Security Best Practices | LOW |
AC_AWS_0050 | Ensure `arn` prefix is in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
AC_AWS_0150 | Ensure a log metric filter and alarm exist for AWS NAT Gateways | AWS | Security Best Practices | HIGH |
AC_AWS_0179 | Ensure auto minor version upgrade is enabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
AC_AWS_0201 | Ensure allow version upgrade is enabled for AWS Redshift Clusters | AWS | Security Best Practices | LOW |
AC_AWS_0387 | Ensure that access policy does not allow anonymous access for AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AWS_0396 | Ensure requests greater than 8 KB are blocked by AWS Web Application Firewall | AWS | Security Best Practices | HIGH |
AC_AWS_0502 | Ensure valid account number format is used in Amazon Simple Notification Service (SNS) Topic | AWS | Security Best Practices | LOW |
AC_AWS_0503 | Ensure valid account number format is used in Amazon Simple Queue Service (SQS) Queue | AWS | Security Best Practices | LOW |
AC_AWS_0564 | Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | AWS | Security Best Practices | HIGH |
AC_AWS_0567 | Ensure a log metric filter and alarm exist for security group changes | AWS | Security Best Practices | HIGH |
AC_AWS_0577 | Ensure tags are defined for AWS NAT Gateways | AWS | Security Best Practices | LOW |
AC_AWS_0579 | Ensure multiple availability zones are used to deploy AWS NAT Gateways | AWS | Security Best Practices | MEDIUM |
AC_AZURE_0108 | Ensure public IP addresses are not assigned to Azure Windows Virtual Machines | Azure | Security Best Practices | HIGH |
AC_AZURE_0113 | Ensure backup is enabled using Azure Backup for Azure Linux Virtual Machines | Azure | Security Best Practices | LOW |
AC_AWS_0055 | Ensure the security best practices configuration is followed for Amazon Relational Database Service (Amazon RDS) instances | AWS | Security Best Practices | HIGH |
AC_AWS_0175 | Ensure public access is disabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
AC_AWS_0177 | Ensure latest engine version is used for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
AC_AWS_0368 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway File Shares | AWS | Security Best Practices | HIGH |
AC_AWS_0397 | Ensure multiple ENIs are not attached to a single AWS Instance | AWS | Security Best Practices | LOW |
AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0442 | Ensure access logging is enabled for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
AC_AWS_0452 | Ensure log retention policy is set for AWS CloudWatch Log Group | AWS | Security Best Practices | MEDIUM |
AC_AWS_0506 | Ensure valid account number format is used in AWS EFS File System Policy | AWS | Security Best Practices | LOW |
AC_AWS_0560 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
AC_AWS_0563 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
AC_AWS_0565 | Ensure a log metric filter and alarm exist for S3 bucket policy changes | AWS | Security Best Practices | HIGH |
AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
AC_AZURE_0359 | Ensure automatic OS upgrades are enabled for Windows config block in Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0393 | Ensure regular security and operational updates are enabled for Azure Redis Cache | Azure | Security Best Practices | HIGH |
AC_GCP_0011 | Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | GCP | Security Best Practices | LOW |
AC_GCP_0017 | Ensure Node Auto-Upgrade is enabled for GKE nodes | GCP | Security Best Practices | LOW |
AC_GCP_0266 | Ensure a retention policy is enabled for Google Cloud Storage Buckets | GCP | Security Best Practices | MEDIUM |
AC_GCP_0267 | Ensure a retention period of at least 90 days is set for Google Cloud Storage Buckets | GCP | Security Best Practices | LOW |
AC_GCP_0269 | Ensure that 'always allow' evaluation mode is restricted for Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
AC_GCP_0270 | Ensure the GKE Metadata Server is Enabled | GCP | Security Best Practices | LOW |
AC_GCP_0278 | Ensure Oslogin Is Enabled for a Project - google_compute_instance | GCP | Security Best Practices | LOW |
AC_K8S_0025 | Ensure default namespace is not in use in Kubernetes Namespace | Kubernetes | Security Best Practices | LOW |
AC_K8S_0048 | Ensure default routes are set for Istio services | Kubernetes | Security Best Practices | LOW |
AC_K8S_0068 | Ensure image tag is set in Kubernetes workload configuration | Kubernetes | Security Best Practices | LOW |
AC_K8S_0070 | Ensure liveness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
AC_K8S_0072 | Ensure readiness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |