AC_AWS_0453 | Ensure one target group is configured to listen on HTTPS for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
AC_AWS_0462 | Ensure no policy is attached that may cause privilege escalation for AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0465 | Ensure secrets are encrypted using AWS KMS key for AWS Secrets Manager | AWS | Data Protection | MEDIUM |
AC_AWS_0469 | Ensure EMR cluster is Configured with Kerberos Authentication | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0473 | Ensure principal element is not empty in AWS IAM Trust Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0480 | Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
AC_AWS_0488 | Ensure there is no IAM policy with invalid policy element | AWS | Identity and Access Management | LOW |
AC_AWS_0490 | Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked roles | AWS | Identity and Access Management | HIGH |
AC_AWS_0497 | Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0550 | Ensure actions '*' and resource '*' are not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AZURE_0157 | Ensure that pod security policy is enabled for Azure Kubernetes Cluster | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AWS_0631 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
AC_GCP_0006 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_AWS_0009 | Ensure stage cache have encryption enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0072 | Ensure backup retention period is set according to best practice for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0173 | Ensure a default root object is configured for AWS Cloudfront Distribution | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0383 | Ensure AWS Redshift database clusters are not using 'awsuser' (default master user name) for database access | AWS | Compliance Validation | MEDIUM |
AC_AWS_0408 | Ensure Effect is set to 'Deny' if NotAction is used in AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0409 | Ensure Effect is set to 'Deny' if Condition is used in AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0464 | Ensure database retention is enabled for Amazon Relational Database Service (Amazon RDS) cluster | AWS | Resilience | MEDIUM |
AC_AWS_0472 | Ensure only uppercase letters, lowercase letters and numbers are used in Sid element in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0477 | Ensure there is no IAM policy with invalid global condition keys | AWS | Identity and Access Management | LOW |
AC_AWS_0481 | Ensure there is no policy with invalid principal format for AWS S3 Bucket policy | AWS | Identity and Access Management | LOW |
AC_AWS_0487 | Ensure there is no IAM policy with multiple condition boolean values | AWS | Identity and Access Management | LOW |
AC_AWS_0499 | Ensure that IAM policy does not exceed the identity policy quota for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0500 | Ensure condition value does not use wildcards (* and ?) without like operator | AWS | Identity and Access Management | LOW |
AC_AWS_0507 | Ensure Adding Add a valid numeric value for the condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0551 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Queue Service (SQS) Queue | AWS | Identity and Access Management | LOW |
AC_AWS_0580 | Ensure there is no policy with invalid action for Amazon Elastic Container Registry (ECR) Public repository policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0581 | Ensure Full Access (AmazonElasticContainerRegistryPublicFullAccess) is not applied to Amazon Elastic Container Registry (ECR) Public repository | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0628 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0110 | Ensure backup is enabled using Azure Backup for Azure Windows Virtual Machines | Azure | Security Best Practices | LOW |
AC_AZURE_0120 | Ensure that authentication feature is enabled for Azure Windows Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0152 | Ensure disk encryption is enabled for Azure Linux Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
AC_AZURE_0211 | Ensure data backup is enabled using `backup_blob_container_uri` for Azure Analysis Services Servers | Azure | Resilience | MEDIUM |
AC_AZURE_0260 | Ensure backup retention period is enabled for Azure PostgreSQL Server | Azure | Compliance Validation | HIGH |
AC_AZURE_0349 | Ensure disk encryption is enabled for Azure Windows Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
AC_AZURE_0365 | Ensure age in days after create to delete snapshot is more than 90 in Azure Storage Management Policy | Azure | Resilience | MEDIUM |
AC_AZURE_0399 | Ensure that Identity block is defined and type is set to SystemAssigned for Azure PostgreSQL Server | Azure | Identity and Access Management | LOW |
AC_GCP_0255 | Ensure that IAM permissions are not granted directly to users for Google Cloud | GCP | Identity and Access Management | HIGH |
AC_AZURE_0388 | Ensure guest users are disabled for Azure Role Assignment | Azure | Identity and Access Management | HIGH |
AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
AC_AWS_0221 | Ensure 'allow put actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0413 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0386 | Ensure that inline policy does not expose secrets in AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AZURE_0356 | Ensure every subnet block is configured with a Network Security Group in Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0385 | Ensure that standard pricing tiers are selected in Azure Security Center Subscription Pricing | Azure | Security Best Practices | MEDIUM |
AC_GCP_0233 | Ensure logging is enabled for Google Cloud Storage Buckets | GCP | Logging and Monitoring | LOW |
AC_AWS_0633 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |