| AC_GCP_0224 | Ensure Remote Desktop (TCP:3389) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_AWS_0017 | Ensure egress filter is set as 'DROP_ALL' for AWS Application Mesh | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0087 | Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0088 | Ensure Amazon Elastic Container Service (ECS) clusters are placed in a VPC | AWS | Infrastructure Security | HIGH |
| AC_AWS_0139 | Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
| AC_AWS_0203 | Ensure Enhanced VPC routing should be enabled for AWS Redshift Clusters | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0225 | Ensure network isolation is enabled for AWS SageMaker | AWS | Security Best Practices | MEDIUM |
| AC_AZURE_0105 | Ensure that the attribute 'vulnerable_tls_cipher_suite' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0106 | Ensure that the attribute 'acr_authentication' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0107 | Ensure that the attribute 'baseline' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0145 | Ensure ingestion is not supported over public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0196 | Ensure that IP restrictions rules are configured for Azure App Service | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0252 | Ensure public IP addresses are disabled in Azure Databricks Workspaces | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0263 | Ensure public network access is disabled for Azure Batch Account | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0300 | Ensure virtual network is used to deploy Azure Container Group | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0309 | Ensure default network access rule is set to deny in Azure Storage Account Network Rules | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0316 | Ensure public network access disabled for Azure CosmosDB Account | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0321 | Ensure public access is disabled for Azure Managed Disk | Azure | Infrastructure Security | HIGH |
| AC_GCP_0242 | Ensure default service account is not used for project access in Google Container Cluster | GCP | Security Best Practices | HIGH |
| AC_GCP_0265 | Ensure sharing of service account credentials is restricted using Google Service Account | GCP | Security Best Practices | MEDIUM |
| AC_GCP_0302 | Ensure security rule is configured for protection against Apache Log4j2 in Google Compute Security Policy | GCP | Infrastructure Security | HIGH |
| AC_K8S_0122 | Ensure DENY-with-negative-matching exist for Istio Authorization Object | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AWS_0211 | Ensure AWS S3 Buckets are not listable for Authenticated users group | AWS | Identity and Access Management | HIGH |
| AC_AWS_0083 | Ensure scan on push is enabled on Amazon Elastic Container Registry (Amazon ECR) repository | AWS | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AWS_0118 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0149 | Ensure no user can assume the role without MFA is specified in the condition parameter of AWS IAM User Policy | AWS | Compliance Validation | LOW |
| AC_AWS_0217 | Ensure 'allow all actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0100 | Ensure that the attribute 'ip_filter_deny_all' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0149 | Ensure anti-malware protection is enabled with real time protection for Azure Linux Virtual Machine Scale Set | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0204 | Ensure Synapse Workspace is not accessible to public via Azure Synapse Firewall Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0207 | Ensure cross account access is disabled for Azure Redis Cache | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0254 | Ensure public network access is disabled for Azure Cognitive Account | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0258 | Ensure default connection policy is not in use for Azure SQL Server | Azure | Compliance Validation | LOW |
| AC_AZURE_0266 | Ensure managed virtual networks are in use for Azure Synapse Workspace | Azure | Infrastructure Security | LOW |
| AC_AZURE_0307 | Ensure public access is disabled for Azure Search Service | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0313 | Ensure that virtual networks are in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0335 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
| AC_GCP_0284 | Ensure datastore storage resource does not have access policy set to 'Public' for Google App Engine Application | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0286 | Ensure compatibility firestore storage resource does not have access policy set to 'Public' for Google App Engine Application | GCP | Infrastructure Security | MEDIUM |
| AC_K8S_0121 | Ensure default-deny patterns are defined for Istio Authorization Policy | Kubernetes | Infrastructure Security | HIGH |
| AC_AZURE_0028 | Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | Azure | Data Protection | HIGH |
| AC_AZURE_0059 | Ensure that HTTP(S) access from the Internet is evaluated and restricted | Azure | Infrastructure Security | LOW |
| AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0330 | Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0370 | Ensure that 'Public access level' is disabled for storage accounts with blob containers | Azure | Infrastructure Security | HIGH |
| AC_AWS_0153 | Ensure virtual private cloud (VPC) is configured for AWS EC2 instances | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0215 | Ensure bucket policy is enforced with least privileges for all AWS S3 buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0227 | Ensure Security Groups do not have unrestricted specific ports open - (SSH,22) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0229 | Ensure Security Groups do not have unrestricted specific ports open - (HTTPS,443) | AWS | Infrastructure Security | LOW |
