AC_AZURE_0389 | Ensure resource lock enabled for Azure Resource Group | Azure | Identity and Access Management | LOW |
AC_GCP_0024 | Ensure authentication using Client Certificates is Disabled | GCP | Identity and Access Management | MEDIUM |
AC_GCP_0038 | Ensure default setting for OSLogin is not overridden by Google Compute Instance | GCP | Identity and Access Management | LOW |
AC_GCP_0237 | Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_iam_binding | GCP | Identity and Access Management | MEDIUM |
AC_GCP_0238 | Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible - google_storage_bucket_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0248 | Ensure default service account is not used at organization level for Google Cloud | GCP | Identity and Access Management | HIGH |
AC_GCP_0274 | Ensure OSLogin is enabled for centralized SSH key pair management using Google Project | GCP | Identity and Access Management | MEDIUM |
AC_GCP_0301 | Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs | GCP | Identity and Access Management | HIGH |
AC_K8S_0012 | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | Identity and Access Management | LOW |
AC_K8S_0022 | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0076 | Ensure mounting of hostPaths is disallowed in Kubernetes workload configuration | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0101 | Minimize access to secrets | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0105 | Ensure use of creating Kubernetes rolebindings and attaching Kubernetes roles is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
S3_AWS_0013 | Ensure there are no world-writeable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
S3_AWS_0014 | Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
AC_AWS_0025 | Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
AC_AWS_0026 | Ensure there is no IAM policy with invalid region used for resource ARN | AWS | Identity and Access Management | LOW |
AC_AWS_0027 | Ensure there is no IAM policy with invalid partition used for resource ARN | AWS | Identity and Access Management | LOW |
AC_AWS_0223 | Ensure 'allow getAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0224 | Ensure 'allow putAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0398 | Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0420 | Ensure there is no policy with Empty array Condition | AWS | Identity and Access Management | LOW |
AC_AWS_0433 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy Attachment | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0458 | Ensure principal is defined for every IAM policy attached to AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
AC_AWS_0470 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0478 | Ensure that IP range is specified in CIDR format for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0479 | Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
AC_AWS_0482 | Ensure there is no policy with invalid principal key for AWS S3 Bucket policy | AWS | Identity and Access Management | LOW |
AC_AWS_0489 | Ensure Creation of SLR with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0495 | Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0575 | Ensure that Object-level logging for read events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AWS_0598 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0599 | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0600 | Ensure there is only one active access key available for any single IAM user | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0627 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0040 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0206 | Ensure cross account access is disabled for Azure SQL Firewall Rule | Azure | Identity and Access Management | MEDIUM |
AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0085 | Ensure permissions are tightly controlled for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | HIGH |
AC_AWS_0099 | Ensure there are no public file systems for AWS Elastic File System (EFS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0126 | Ensure permissions are tightly controlled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0147 | Ensure full administrative privileges are not created and are attached to a role using AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
AC_AWS_0165 | Ensure environment variables do not use AWS secret keys, access keys, or access tokens for AWS Lambda Functions | AWS | Identity and Access Management | HIGH |
AC_AWS_0210 | Ensure there are no publicly listable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0216 | Ensure AWS S3 Bucket object ownership is more restrictive | AWS | Identity and Access Management | MEDIUM |