AC_K8S_0018 | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | Identity and Access Management | MEDIUM |
S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_K8S_0008 | Ensure that a Client CA File is Configured | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0046 | Minimize the admission of privileged containers | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0104 | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | Identity and Access Management | HIGH |
AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
AC_K8S_0047 | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0058 | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0109 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AWS_0626 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0332 | Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_GCP_0336 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
AC_K8S_0062 | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0063 | Ensure that the --peer-auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_K8S_0028 | Ensure that the --insecure-port argument is set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_AZURE_0409 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0555 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AWS_0132 | Ensure no root user account access key exists | AWS | Identity and Access Management | HIGH |
AC_GCP_0296 | Ensure Container-Optimized OS (cos_containerd) is used for GKE node images | GCP | Compliance Validation | LOW |
AC_K8S_0060 | Ensure that the --auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
AC_AWS_0606 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
AC_AZURE_0040 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0053 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Infrastructure Security | HIGH |
AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0338 | Ensure that Activity Log Alert exists for Delete Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0343 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0396 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0585 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_GCP_0319 | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
AC_AZURE_0085 | Ensure that logging for Azure Key Vault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_GCP_0024 | Ensure authentication using Client Certificates is Disabled | GCP | Identity and Access Management | MEDIUM |
AC_GCP_0315 | Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on' | GCP | Compliance Validation | LOW |
AC_K8S_0038 | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0041 | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_AZURE_0544 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0553 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0565 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0566 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0581 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_linux_web_app | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0032 | Ensure Legacy Networks Do Not Exist for Older Projects | GCP | Infrastructure Security | LOW |
AC_GCP_0037 | Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0261 | Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0280 | Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets | GCP | Data Protection | MEDIUM |
AC_GCP_0304 | Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) | GCP | Data Protection | MEDIUM |