AC_AWS_0474 | Ensure global condition key is not used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0493 | Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0496 | Ensure IAM Policies were not configured with versions in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0498 | Ensure there is no IAM policy with invalid condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0501 | Ensure Adding a valid base64-encoded string value for the condition operator | AWS | Identity and Access Management | LOW |
AC_AWS_0618 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0113 | Ensure backup is enabled using Azure Backup for Azure Linux Virtual Machines | Azure | Security Best Practices | LOW |
AC_AZURE_0028 | Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | Azure | Data Protection | HIGH |
AC_AZURE_0059 | Ensure that HTTP(S) access from the Internet is evaluated and restricted | Azure | Infrastructure Security | LOW |
AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0330 | Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0370 | Ensure that 'Public access level' is disabled for storage accounts with blob containers | Azure | Infrastructure Security | HIGH |
AC_K8S_0061 | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_AZURE_0279 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
AC_AWS_0204 | Ensure CloudWatch logging is enabled for AWS Route53 hosted zones | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0214 | Ensure versioning is enabled for AWS S3 Buckets | AWS | Resilience | HIGH |
AC_AWS_0387 | Ensure that access policy does not allow anonymous access for AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AZURE_0241 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_GCP_0276 | Ensure use of Binary Authorization | GCP | Infrastructure Security | LOW |
AC_GCP_0327 | Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | GCP | Infrastructure Security | LOW |
AC_GCP_0330 | Ensure Essential Contacts is Configured for Organization | GCP | Logging and Monitoring | LOW |
AC_AZURE_0141 | Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0174 | Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
AC_AZURE_0281 | Ensure latest version of Azure Kubernetes Cluster is in use | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0310 | Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0320 | Ensure that boolean variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0417 | Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
AC_GCP_0287 | Ensure in-transit encryption is enabled for Google App Engine Standard App Version | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0288 | Ensure only selected container registries are allowed through Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
AC_K8S_0111 | Ensure for exposing Kubernetes workload to the internet, NodePort service is not used | Kubernetes | Infrastructure Security | LOW |
AC_K8S_0124 | Ensure envoy proxies are not configured in permissive mode in Istio Peer Authentication | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0126 | Ensure Kubernetes hot-patch daemonset for Log4j2 is applied | Kubernetes | Configuration and Vulnerability Analysis | HIGH |
AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0052 | Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0071 | Ensure encryption at rest is enabled for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0079 | Ensure default encryption is enabled for AWS EBS Volumes | AWS | Data Protection | HIGH |
AC_AWS_0125 | Ensure public access is disabled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0179 | Ensure auto minor version upgrade is enabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
AC_AWS_0180 | Ensure inter-cluster encryption is enabled for AWS MSK cluster | AWS | Data Protection | HIGH |
AC_AWS_0181 | Ensure that TLS-Only communication should be allowed between AWS MSK client and broker | AWS | Infrastructure Security | HIGH |
AC_AWS_0378 | Ensure all data stored is encrypted at-rest for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0426 | Ensure that initial login requires password reset for AWS IAM Users | AWS | Compliance Validation | HIGH |
AC_AWS_0446 | Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild Project | AWS | Data Protection | MEDIUM |
AC_AZURE_0161 | Ensure that kubernetes dashboard is disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0177 | Ensure latest TLS version is in use for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0178 | Ensure HTTPS is enabled for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0249 | Ensure that '.Net Framework' version is the latest in Azure App Service | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0388 | Ensure guest users are disabled for Azure Role Assignment | Azure | Identity and Access Management | HIGH |