AC_AWS_0523 | Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0524 | Ensure LDAP (TCP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0526 | Ensure LDAP (TCP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0530 | Ensure Memcached SSL (TCP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0531 | Ensure Memcached SSL (TCP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0532 | Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0536 | Ensure Oracle DB (TCP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0537 | Ensure Oracle DB (TCP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0540 | Ensure Oracle DB (UDP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0546 | Ensure load balancer health checks are used for AWS Auto Scaling Groups | AWS | Security Best Practices | MEDIUM |
AC_AWS_0551 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Queue Service (SQS) Queue | AWS | Identity and Access Management | LOW |
AC_AWS_0553 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0559 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
AC_AWS_0566 | Ensure a log metric filter and alarm exist for AWS Config configuration changes | AWS | Security Best Practices | HIGH |
AC_AWS_0580 | Ensure there is no policy with invalid action for Amazon Elastic Container Registry (ECR) Public repository policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0581 | Ensure Full Access (AmazonElasticContainerRegistryPublicFullAccess) is not applied to Amazon Elastic Container Registry (ECR) Public repository | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0583 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0586 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
AC_AWS_0587 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
AC_AWS_0588 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
AC_AWS_0591 | Ensure EBS Volume Encryption is Enabled in all Regions | AWS | Data Protection | HIGH |
AC_AWS_0594 | Ensure no 'root' user account access key exists | AWS | Identity and Access Management | HIGH |
AC_AWS_0601 | Ensure hardware MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
AC_AWS_0603 | Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) Instance | AWS | Compliance Validation | MEDIUM |
AC_AWS_0605 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0614 | Ensure AWS Lambda Functions have associated tags | AWS | Compliance Validation | LOW |
AC_AWS_0616 | Ensure Code Signing is enabled for AWS Lambda functions | AWS | Data Protection | HIGH |
AC_AWS_0628 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
S3_AWS_0001 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
S3_AWS_0005 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
AC_AWS_0012 | Ensure CloudWatch Logs are enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0013 | Ensure SSL Client Certificate is enabled for AWS API Gateway Stage | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0016 | Ensure Auto-scaling is configured for both index and tables in AWS DynamoDB | AWS | Compliance Validation | MEDIUM |
AC_AWS_0017 | Ensure egress filter is set as 'DROP_ALL' for AWS Application Mesh | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0062 | Ensure performance insights are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
AC_AWS_0075 | Ensure deletion protection is enabled for AWS DocumentDB Clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0081 | Ensure AWS EBS Volume has a corresponding AWS EBS Snapshot | AWS | Data Protection | HIGH |
AC_AWS_0082 | Ensure AWS best practices are followed while deciding names for tags in AWS EBS volumes | AWS | Compliance Validation | LOW |
AC_AWS_0084 | Ensure public repositories are disabled for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | HIGH |
AC_AWS_0087 | Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0088 | Ensure Amazon Elastic Container Service (ECS) clusters are placed in a VPC | AWS | Infrastructure Security | HIGH |
AC_AWS_0096 | Ensure encryption is enabled for AWS EFS file systems | AWS | Data Protection | HIGH |
AC_AWS_0104 | Ensure multi-az is configured for AWS ElastiCache Clusters | AWS | Resilience | MEDIUM |
AC_AWS_0105 | Ensure slow logs (index slow logs) are enabled for AWS ElasticSearch Domain | AWS | Compliance Validation | MEDIUM |