AC_GCP_0124 | Ensure Memcached SSL (TCP:11215) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0130 | Ensure Memcached SSL (TCP:11214) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0137 | Ensure Cassandra (TCP:7001) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0142 | Ensure Postgres SQL (TCP:5432) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0152 | Ensure Oracle DB SSL (TCP:2484) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0156 | Ensure MSSQL Server (TCP:1433) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0161 | Ensure LDAP SSL (TCP:636) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0169 | Ensure Unencrypted Mongo Instances (TCP:27017) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0182 | Ensure Elastic Search (TCP:9200) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0184 | Ensure Cassandra Thrift (TCP:9160) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0186 | Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0196 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0197 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0209 | Ensure Oracle DB (TCP:1521) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0211 | Ensure LDAP (UDP:389) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0214 | Ensure LDAP (TCP:389) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0218 | Ensure CiscoSecure, Websm (TCP:9090) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
S3_AWS_0011 | Ensure there are no world-listable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AWS_0147 | Ensure full administrative privileges are not created and are attached to a role using AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0218 | Ensure 'allow delete actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0411 | Ensure there is no IAM policy with empty SID value | AWS | Identity and Access Management | LOW |
AC_AWS_0416 | Ensure there is no IAM policy with a condition element having ForAnyValue Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0421 | Ensure there is no IAM policy with empty array resource | AWS | Identity and Access Management | LOW |
AC_AZURE_0124 | Ensure latest TLS version is in use for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0239 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0270 | Ensure Security Groups do not have unrestricted specific ports open - Oracle Database Server (TCP,1521) | AWS | Infrastructure Security | HIGH |
AC_AWS_0311 | Ensure Cassandra Client (TCP:9042) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0362 | Ensure MongoDB' (TCP,27017) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0511 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0512 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0518 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0522 | Ensure Cassandra Thrift (TCP:9160) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0541 | Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0161 | Ensure deletion window for Customer Managed Keys (CMK) is enabled for AWS Key Management Service (KMS) | AWS | Security Best Practices | HIGH |
AC_AWS_0211 | Ensure AWS S3 Buckets are not listable for Authenticated users group | AWS | Identity and Access Management | HIGH |
AC_GCP_0195 | Ensure that multi-factor authentication is enabled for all non-service accounts | GCP | Identity and Access Management | LOW |
AC_AWS_0155 | Ensure at-rest server side encryption (SSE) is enabled for data stored in AWS Kinesis Server | AWS | Data Protection | HIGH |
AC_AWS_0159 | Ensure customer master key (CMK) is not disabled for AWS Key Management Service (KMS) | AWS | Resilience | HIGH |
AC_AWS_0210 | Ensure there are no publicly listable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0235 | Ensure Security Groups do not have unrestricted specific ports open - Elasticsearch (TCP,9300) | AWS | Infrastructure Security | HIGH |
AC_AWS_0250 | Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (UDP,11214) | AWS | Infrastructure Security | HIGH |
AC_AWS_0251 | Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (UDP,11215) | AWS | Infrastructure Security | HIGH |
AC_AWS_0255 | Ensure Security Groups do not have unrestricted specific ports open - NetBIOS Name Service (UDP,137) | AWS | Infrastructure Security | HIGH |
AC_AWS_0260 | Ensure Security Groups do not have unrestricted specific ports open - Oracle DB SSL (TCP,2484) | AWS | Infrastructure Security | HIGH |
AC_AWS_0261 | Ensure Security Groups do not have unrestricted specific ports open - Oracle DB SSL (UDP,2484) | AWS | Infrastructure Security | HIGH |
AC_AWS_0266 | Ensure Security Groups do not have unrestricted specific ports open - SNMP (UDP,161) | AWS | Infrastructure Security | HIGH |
AC_AWS_0271 | Ensure Security Groups do not have unrestricted specific ports open - Telnet (TCP,23) | AWS | Infrastructure Security | HIGH |
AC_AWS_0273 | Ensure Security Groups do not have unrestricted specific ports open - CIFS for file/printer (TCP,445) | AWS | Infrastructure Security | HIGH |
AC_AWS_0277 | Ensure SaltStack Master (TCP,4505) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0279 | Ensure CIFS / SMB (TCP,3020) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |