| AC_AWS_0483 | Ensure there is no policy with an invalid principal format for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
| AC_AWS_0484 | Ensure there is no policy with an invalid principal key for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
| AC_AWS_0486 | Ensure there is no policy with an invalid principal key for Amazon Simple Queue Service (SQS) Queue | AWS | Identity and Access Management | LOW |
| AC_AWS_0488 | Ensure there is no IAM policy with invalid policy element | AWS | Identity and Access Management | LOW |
| AC_AWS_0490 | Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked roles | AWS | Identity and Access Management | HIGH |
| AC_AWS_0497 | Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0550 | Ensure actions '*' and resource '*' are not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0573 | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0620 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
| AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0039 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0117 | Ensure managed identity is used in Azure Windows Function App | Azure | Identity and Access Management | LOW |
| AC_AZURE_0123 | Ensure managed identity is used in Azure Linux Function App | Azure | Identity and Access Management | LOW |
| AC_AZURE_0127 | Ensure that Azure Active Directory Admin is configured for Azure MySQL Single Server | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0175 | Ensure Azure RBAC (role-based access control) is used to control access to resources for Azure Function App | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0186 | Ensure that admin user is disabled for Azure Container Registry | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0363 | Ensure ssh keys are used to auth Azure Virtual Machine | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0401 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0405 | Ensure admin auth is properly setup for Azure PostgreSQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0541 | Ensure permission type is not set to 'Admin' in oauth2_permissions for AzureAD Application | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0556 | Ensure That No Custom Subscription Administrator Roles Exist | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0007 | Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level - google_project_iam_binding | GCP | Identity and Access Management | HIGH |
| AC_GCP_0021 | Ensure basic authentication is disabled on Google Container Cluster | GCP | Identity and Access Management | HIGH |
| AC_GCP_0314 | Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users | GCP | Identity and Access Management | HIGH |
| AC_K8S_0045 | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0080 | Ensure that the seccomp profile is set to docker/default in pod definitions | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0089 | Ensure that the Anonymous Auth is Not Enabled | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0091 | Ensure that the --token-auth-file parameter is not set | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0095 | Ensure that the --authorization-mode argument includes Node | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0102 | Ensure impersonate access to Kubernetes resources is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0108 | Ensure Kubernetes rolebindings with get and patch Kubernetes roles are minimized in Kubernetes Role | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0113 | Ensure that default service accounts are not actively used. | Kubernetes | Identity and Access Management | MEDIUM |
| S3_AWS_0006 | Ensure bucket policy is enforced with least privileges for all AWS S3 buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0008 | Ensure that Object-level logging for write events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0011 | Ensure there are no world-listable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0012 | Ensure AWS S3 Buckets are not world-listable for anonymous users - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0282 | Ensure Owner roles are not assigned to any principal using Azure Role Assignment | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0399 | Ensure that Identity block is defined and type is set to SystemAssigned for Azure PostgreSQL Server | Azure | Identity and Access Management | LOW |
| AC_AZURE_0538 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0540 | Ensure `force_password_change` is set to true for AzureAD User | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0567 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0582 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_windows_web_app | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0240 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
| AC_GCP_0255 | Ensure that IAM permissions are not granted directly to users for Google Cloud | GCP | Identity and Access Management | HIGH |
| AC_K8S_0008 | Ensure that a Client CA File is Configured | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0010 | Ensure that the --read-only-port is disabled | Kubernetes | Identity and Access Management | LOW |
| AC_K8S_0026 | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | Identity and Access Management | MEDIUM |
