AC_AWS_0105 | Ensure slow logs (index slow logs) are enabled for AWS ElasticSearch Domain | AWS | Compliance Validation | MEDIUM |
AC_AWS_0117 | Ensure latest TLS version is used for AWS ElasticSearch Nodes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0225 | Ensure network isolation is enabled for AWS SageMaker | AWS | Security Best Practices | MEDIUM |
AC_AWS_0374 | Ensure data encryption is enabled for AWS X-Ray | AWS | Data Protection | HIGH |
AC_AZURE_0145 | Ensure ingestion is not supported over public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0220 | Ensure Customer Managed Key (CMK) is configured for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0221 | Ensure CORS is configured to allow only trusted clients for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0298 | Ensure that Azure Data Explorer uses double encryption in Azure Kusto Cluster | Azure | Data Protection | MEDIUM |
AC_GCP_0283 | Ensure KMS customer managed keys are used in Google Dataflow Job | GCP | Data Protection | MEDIUM |
AC_AZURE_0254 | Ensure public network access is disabled for Azure Cognitive Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0266 | Ensure managed virtual networks are in use for Azure Synapse Workspace | Azure | Infrastructure Security | LOW |
AC_AZURE_0307 | Ensure public access is disabled for Azure Search Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0379 | Ensure data encryption is enabled for Azure Synapse SQL Pool | Azure | Data Protection | MEDIUM |
AC_AWS_0107 | Ensure dedicated master nodes are enabled for AWS ElasticSearch Domains | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0108 | Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains | AWS | Compliance Validation | HIGH |
AC_AWS_0115 | Ensure HTTPS-only is enforced for AWS ElasticSearch Domain | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0118 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policy | AWS | Identity and Access Management | HIGH |
AC_AZURE_0211 | Ensure data backup is enabled using `backup_blob_container_uri` for Azure Analysis Services Servers | Azure | Resilience | MEDIUM |
AC_AWS_0109 | Ensure latest version of elasticsearch engine is used for AWS ElasticSearch Domains | AWS | Compliance Validation | MEDIUM |
AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0130 | Ensure 'Job Bookmark Encryption' is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0425 | Ensure root access is disabled for AWS SageMaker Notebook instances | AWS | Security Best Practices | HIGH |
AC_AWS_0460 | Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery Stream | AWS | Data Protection | HIGH |
AC_AWS_0611 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0253 | Ensure system-assigned managed identity authentication is used for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0261 | Ensure public network access is disabled for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0110 | Ensure ElasticSearch Zone Awareness is enabled | AWS | Resilience | MEDIUM |
AC_AWS_0111 | Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0116 | Ensure advanced security options are enabled for AWS ElasticSearch Domain | AWS | Infrastructure Security | HIGH |
AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0155 | Ensure at-rest server side encryption (SSE) is enabled for data stored in AWS Kinesis Server | AWS | Data Protection | HIGH |
AC_AWS_0157 | Ensure KMS customer managed keys are used for encryption in AWS Kinesis Streams | AWS | Data Protection | HIGH |
AC_AWS_0158 | Ensure sufficient data retention period is set for AWS Kinesis Streams | AWS | Resilience | MEDIUM |
AC_AZURE_0147 | Ensure Azure log retention is set at least 90 days for Azure Log Analytics Workspace | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0255 | Ensure virtual network configuration is added for Azure Kusto Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0299 | Ensure that Azure Data Explorer uses disk encryption in Azure Kusto Cluster | Azure | Data Protection | MEDIUM |
AC_AWS_0106 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain | AWS | Identity and Access Management | HIGH |
AC_AWS_0113 | Ensure Amazon cognito authentication is enabled for AWS ElasticSearch Domain | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0119 | Ensure permissions are tightly controlled for AWS ElasticSearch Domains | AWS | Identity and Access Management | HIGH |
AC_AWS_0384 | Ensure data encryption is enabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
AC_AWS_0424 | Ensure direct access from the internet is disabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
AC_AZURE_0144 | Ensure queries are not supported over the public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0146 | Ensure log analytics workspace has daily quota value set for Azure Log Analytics Workspace | Azure | Compliance Validation | LOW |
AC_AZURE_0225 | Ensure Power BI analysis services are defined for Azure Analysis Services Server | Azure | Compliance Validation | LOW |
AC_AZURE_0226 | Ensure public access is disabled for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0257 | Ensure Azure Active Directory (AAD) is configured for Azure Synapse Workspace | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0345 | Ensure data exfiltration protection is enabled for Azure Synapse Workspace | Azure | Data Protection | MEDIUM |
AC_AZURE_0420 | Ensure only whitelisted IPs can use Azure Search Service | Azure | Infrastructure Security | MEDIUM |