AC_AWS_0010 | Ensure that content encoding is enabled for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0014 | Ensure resource ARNs do not have region missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0015 | Ensure AWS WAF ACL is associated with AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
AC_AWS_0030 | Ensure valid account number format is used in AWS IAM Policy | AWS | Security Best Practices | LOW |
AC_AWS_0032 | Ensure a web application firewall is enabled for AWS CloudFront distribution | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0050 | Ensure `arn` prefix is in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
AC_AWS_0051 | Ensure event subscriptions are enabled for instance level events | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0052 | Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0053 | Ensure IAM authentication is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | MEDIUM |
AC_AWS_0059 | Ensure master username does not use commonly predicted usernames for Amazon Relational Database Service (Amazon RDS) instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0061 | Ensure active directory remains in use to authenticate users for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0069 | Ensure Multi-AZ is enabled for AWS Database Migration Service (DMS) instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0071 | Ensure encryption at rest is enabled for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0076 | Ensure point-in-time-recovery (PITR) is enabled for AWS DynamoDB tables | AWS | Resilience | MEDIUM |
AC_AWS_0078 | Ensure customer managed keys (CMK) are used for server side encryption (SSE) of AWS DyanamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0079 | Ensure default encryption is enabled for AWS EBS Volumes | AWS | Data Protection | HIGH |
AC_AWS_0086 | Ensure container insights are enabled for Amazon Elastic Container Service (ECS) clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0089 | Ensure potential DATABASE information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0090 | Ensure SECRET information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0091 | Ensure potential TOKEN information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0092 | Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0101 | Ensure public access is disabled for AWS Elastic Kubernetes Service (EKS) API servers | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0106 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain | AWS | Identity and Access Management | HIGH |
AC_AWS_0113 | Ensure Amazon cognito authentication is enabled for AWS ElasticSearch Domain | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0119 | Ensure permissions are tightly controlled for AWS ElasticSearch Domains | AWS | Identity and Access Management | HIGH |
AC_AWS_0120 | Ensure AWS ELB has one listener configured to listen for HTTPs traffic | AWS | Infrastructure Security | LOW |
AC_AWS_0125 | Ensure public access is disabled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0127 | Ensure flow logs are enabled for AWS Global Accelerator | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0131 | Ensure intelligent threat detection is enabled for all regions via AWS GuardDuty Detector | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0132 | Ensure no root user account access key exists | AWS | Identity and Access Management | HIGH |
AC_AWS_0134 | Ensure password policy requires at least one lowercase character for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AWS_0138 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
AC_AWS_0150 | Ensure a log metric filter and alarm exist for AWS NAT Gateways | AWS | Security Best Practices | HIGH |
AC_AWS_0171 | Ensure weak ciphers are removed for AWS Elastic Load Balancers (ELB) | AWS | Infrastructure Security | HIGH |
AC_AWS_0174 | Ensure log exports is enabled for AWS MQ Brokers | AWS | Logging and Monitoring | LOW |
AC_AWS_0179 | Ensure auto minor version upgrade is enabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
AC_AWS_0180 | Ensure inter-cluster encryption is enabled for AWS MSK cluster | AWS | Data Protection | HIGH |
AC_AWS_0181 | Ensure that TLS-Only communication should be allowed between AWS MSK client and broker | AWS | Infrastructure Security | HIGH |
AC_AWS_0183 | Ensure IAM database authentication has been enabled for AWS Neptune cluster | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
AC_AWS_0193 | Ensure Auto Minor Version Upgrade feature is Enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0201 | Ensure allow version upgrade is enabled for AWS Redshift Clusters | AWS | Security Best Practices | LOW |
AC_AWS_0202 | Ensure AWS Redshift Cluster should not be using the default port (5439) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0204 | Ensure CloudWatch logging is enabled for AWS Route53 hosted zones | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0211 | Ensure AWS S3 Buckets are not listable for Authenticated users group | AWS | Identity and Access Management | HIGH |
AC_AWS_0214 | Ensure versioning is enabled for AWS S3 Buckets | AWS | Resilience | HIGH |