| AC_AWS_0099 | Ensure there are no public file systems for AWS Elastic File System (EFS) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0437 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshots | AWS | Infrastructure Security | MEDIUM |
| AC_AZURE_0093 | Ensure public access is disabled for Azure IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0094 | Ensure shared access policies are not used for IoT Hub | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0097 | Ensure that the Microsoft Defender for IoT Hub is enabled | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0103 | Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0135 | Ensure public access is disabled for Azure MSSQL Server | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0203 | Ensure cross account access is disabled for Azure Synapse Firewall Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0205 | Ensure cross account access is disabled for Azure SQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0227 | Ensure advanced threat protection is enabled for Azure CosmosDB Account | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0305 | Ensure public access is disabled for Azure Storage Sync | Azure | Infrastructure Security | HIGH |
| AC_GCP_0245 | Ensure IAM roles do not impersonate or manage service accounts through Google Folder IAM Binding | GCP | Identity and Access Management | LOW |
| AC_K8S_0112 | Ensure the use of externalIPs is restricted for Kubernetes service | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AZURE_0118 | Ensure latest TLS version is in use for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0364 | Ensure that the latest OS patches for Azure Virtual Machine | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0141 | Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0174 | Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
| AC_AZURE_0281 | Ensure latest version of Azure Kubernetes Cluster is in use | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0310 | Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual Machine | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0320 | Ensure that boolean variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0417 | Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
| AC_GCP_0287 | Ensure in-transit encryption is enabled for Google App Engine Standard App Version | GCP | Infrastructure Security | MEDIUM |
| AC_K8S_0111 | Ensure for exposing Kubernetes workload to the internet, NodePort service is not used | Kubernetes | Infrastructure Security | LOW |
| AC_K8S_0124 | Ensure envoy proxies are not configured in permissive mode in Istio Peer Authentication | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0126 | Ensure Kubernetes hot-patch daemonset for Log4j2 is applied | Kubernetes | Configuration and Vulnerability Analysis | HIGH |
| AC_AWS_0071 | Ensure encryption at rest is enabled for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
| AC_AWS_0079 | Ensure default encryption is enabled for AWS EBS Volumes | AWS | Data Protection | HIGH |
| AC_AWS_0125 | Ensure public access is disabled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
| AC_AWS_0179 | Ensure auto minor version upgrade is enabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0180 | Ensure inter-cluster encryption is enabled for AWS MSK cluster | AWS | Data Protection | HIGH |
| AC_AWS_0181 | Ensure that TLS-Only communication should be allowed between AWS MSK client and broker | AWS | Infrastructure Security | HIGH |
| AC_AWS_0378 | Ensure all data stored is encrypted at-rest for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
| AC_AWS_0446 | Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild Project | AWS | Data Protection | MEDIUM |
| AC_AWS_0155 | Ensure at-rest server side encryption (SSE) is enabled for data stored in AWS Kinesis Server | AWS | Data Protection | HIGH |
| AC_AWS_0159 | Ensure customer master key (CMK) is not disabled for AWS Key Management Service (KMS) | AWS | Resilience | HIGH |
| AC_AWS_0210 | Ensure there are no publicly listable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0235 | Ensure Security Groups do not have unrestricted specific ports open - Elasticsearch (TCP,9300) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0250 | Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (UDP,11214) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0251 | Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (UDP,11215) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0255 | Ensure Security Groups do not have unrestricted specific ports open - NetBIOS Name Service (UDP,137) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0260 | Ensure Security Groups do not have unrestricted specific ports open - Oracle DB SSL (TCP,2484) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0261 | Ensure Security Groups do not have unrestricted specific ports open - Oracle DB SSL (UDP,2484) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0266 | Ensure Security Groups do not have unrestricted specific ports open - SNMP (UDP,161) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0271 | Ensure Security Groups do not have unrestricted specific ports open - Telnet (TCP,23) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0273 | Ensure Security Groups do not have unrestricted specific ports open - CIFS for file/printer (TCP,445) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0277 | Ensure SaltStack Master (TCP,4505) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0279 | Ensure CIFS / SMB (TCP,3020) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0281 | Ensure Cassandra (TCP,7001) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0286 | Ensure MSSQL Admin (TCP,1434) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0291 | Ensure Memcached SSL (TCP,11215) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
