AC_AWS_0534 | Ensure Memcached SSL (UDP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0544 | Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0590 | Ensure the default security group of every VPC restricts all traffic | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0045 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0095 | Ensure TLS 1.2 or greater is used for IoT Hub | Azure | Infrastructure Security | HIGH |
AC_AZURE_0105 | Ensure that the attribute 'vulnerable_tls_cipher_suite' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0106 | Ensure that the attribute 'acr_authentication' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0107 | Ensure that the attribute 'baseline' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0114 | Ensure HTTPS is enabled for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0116 | Ensure FTP deployments are Disabled - azurerm_windows_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0130 | Ensure advanced threat protection is used for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0145 | Ensure ingestion is not supported over public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0184 | Ensure to filter source IP's for Azure CosmosDB Account | Azure | Infrastructure Security | HIGH |
AC_AZURE_0188 | Ensure end-to-end TLS is enabled to encrypt and securely transmit sensitive data to the backend for Azure Application Gateway | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0196 | Ensure that IP restrictions rules are configured for Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0220 | Ensure Customer Managed Key (CMK) is configured for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0221 | Ensure CORS is configured to allow only trusted clients for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0252 | Ensure public IP addresses are disabled in Azure Databricks Workspaces | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0263 | Ensure public network access is disabled for Azure Batch Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0278 | Ensure HTTP is disallowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0306 | Ensures that Active Directory is used for authentication for Azure Service Fabric Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0309 | Ensure default network access rule is set to deny in Azure Storage Account Network Rules | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0316 | Ensure public network access disabled for Azure CosmosDB Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0321 | Ensure public access is disabled for Azure Managed Disk | Azure | Infrastructure Security | HIGH |
AC_AZURE_0334 | Ensure FTP deployments are Disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0356 | Ensure every subnet block is configured with a Network Security Group in Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0372 | Ensure Default Network Access Rule for Storage Accounts is Set to Deny | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0380 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0422 | Ensure VNC Server (TCP:5900) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0429 | Ensure Telnet (TCP:23) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0432 | Ensure SaltStack Master (TCP:4506) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0439 | Ensure SQL Server Analysis (TCP:2383) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0440 | Ensure SQL Server Analysis (TCP:2382) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0444 | Ensure SNMP (Udp:161) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0446 | Ensure SMTP (TCP:25) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0454 | Ensure web port (TCP:3000) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0457 | Ensure PostgreSQL (Udp:5432) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0460 | Ensure PostgreSQL (TCP:5432) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0469 | Ensure Oracle DB SSL (TCP:2484) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0470 | Ensure NetBIOS Session Service (Udp:139) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0472 | Ensure NetBIOS Session Service (Udp:139) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0473 | Ensure NetBIOS Session Service (TCP:139) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0483 | Ensure NetBIOS Name Service (Udp:137) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0487 | Ensure NetBIOS Name Service (TCP:137) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0492 | Ensure Mongo Web Portal (TCP:27018) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0495 | Ensure Microsoft-DS (TCP:445) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0502 | Ensure Memcached SSL (Udp:11214) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0508 | Ensure Memcached SSL (TCP:11214) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0511 | Ensure MSSQL Server (TCP:1433) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0523 | Ensure LDAP SSL (TCP:636) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |