AC_AWS_0535 | Ensure Memcached SSL (UDP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0539 | Ensure Oracle DB (UDP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0543 | Ensure Redis without SSL (TCP:6379) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0172 | Ensure recommended SSL/TLS protocol version is used for AWS Elastic Load Balancers (ELB) | AWS | Infrastructure Security | HIGH |
AC_AWS_0233 | Ensure Cassandra Client (TCP:9042) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0508 | Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0523 | Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0524 | Ensure LDAP (TCP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0526 | Ensure LDAP (TCP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0530 | Ensure Memcached SSL (TCP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0531 | Ensure Memcached SSL (TCP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0532 | Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0536 | Ensure Oracle DB (TCP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0537 | Ensure Oracle DB (TCP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0540 | Ensure Oracle DB (UDP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_AWS_0207 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
AC_AWS_0098 | Ensure Customer Managed Keys (CMK) are used for encryption of AWS Elastic File System (EFS) | AWS | Data Protection | HIGH |
AC_AWS_0197 | Ensure KMS customer managed key (CMK) for encryption of AWS Redshift clusters | AWS | Security Best Practices | HIGH |
AC_AWS_0198 | Ensure encryption is enabled for AWS Redshift clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0206 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets | AWS | Data Protection | HIGH |
AC_AWS_0275 | Ensure no security groups is wide open to public, that is, allows traffic from 0.0.0.0/0 to ALL ports and protocols | AWS | Infrastructure Security | HIGH |
AC_AWS_0596 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
AC_AWS_0065 | Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hosts | AWS | Infrastructure Security | HIGH |
AC_AWS_0066 | Ensure Amazon Relational Database Service (Amazon RDS) instances do not have public interface defined | AWS | Infrastructure Security | HIGH |
AC_AWS_0394 | Ensure secure ciphers are used for AWS CloudFront distribution | AWS | Data Protection | HIGH |
AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
AC_AWS_0209 | Ensure MFA Delete is enable on S3 buckets | AWS | Security Best Practices | HIGH |
S3_AWS_0005 | Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
AC_AWS_0552 | Ensure MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
AC_AWS_0034 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0428 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0138 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
AC_AWS_0036 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0597 | Ensure MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
AC_AWS_0369 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
AC_AWS_0584 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
AC_AWS_0033 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
AC_AWS_0080 | Ensure EBS volume encryption is enabled | AWS | Data Protection | HIGH |
AC_AWS_0582 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
AC_AWS_0432 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0151 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
AC_AWS_0585 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0608 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0038 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0626 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |