AC_GCP_0210 | Ensure Oracle DB (TCP:1521) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0220 | Ensure Hadoop Name Node (TCP:9000) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0226 | Ensure FTP (TCP:20) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0227 | Ensure FTP (TCP:20) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0231 | Enable VPC Flow Logs and Intranode Visibility | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0235 | Ensure encryption is enabled for Google Cloud Storage Buckets | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0260 | Ensure That SSH Access Is Restricted From the Internet | GCP | Infrastructure Security | HIGH |
AC_GCP_0290 | Ensure master authorized networks config block is set for Google Container Cluster | GCP | Infrastructure Security | LOW |
AC_GCP_0302 | Ensure security rule is configured for protection against Apache Log4j2 in Google Compute Security Policy | GCP | Infrastructure Security | HIGH |
AC_GCP_0371 | Ensure That the Default Network Does Not Exist in a Project - google_compute_network | GCP | Infrastructure Security | LOW |
AC_K8S_0003 | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | Infrastructure Security | LOW |
AC_K8S_0029 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0065 | Ensure that a unique Certificate Authority is used for etcd | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0083 | Minimize the admission of containers wishing to share the host IPC namespace | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0092 | Ensure that the --kubelet-https argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0110 | Ensure that the Tiller Service (Helm v2) is not deployed for Kubernetes service | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0122 | Ensure DENY-with-negative-matching exist for Istio Authorization Object | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0127 | Ensure metadata annotations are restricted in an Ingress object | Kubernetes | Infrastructure Security | HIGH |
AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0253 | Ensure system-assigned managed identity authentication is used for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0261 | Ensure public network access is disabled for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0265 | Ensure Secrets are not exposed in customData used in Azure Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0272 | Ensure CIFS / SMB (TCP:3020) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0276 | Ensure Cassandra OpsCenter (TCP:61621) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0287 | Ensure SSH (TCP:22) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0308 | Ensure public access is disabled for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0342 | Ensure that RDP access is restricted from the internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0351 | Ensure Azure Web Application Firewall Policy is enabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0353 | Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0357 | Ensure that UDP Services are restricted from the Internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0374 | Ensure a firewall is attached to Azure SQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0381 | Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0391 | Ensure that firewall rules do not allow unrestricted access to Azure Redis Cache from other Azure sources | Azure | Infrastructure Security | HIGH |
AC_AZURE_0423 | Ensure VNC Server (TCP:5900) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0435 | Ensure SaltStack Master (TCP:4505) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0451 | Ensure Puppet Master (TCP:8140) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0456 | Ensure PostgreSQL (UDP:5432) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0458 | Ensure PostgreSQL (TCP:5432) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0463 | Ensure POP3 (TCP:110) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0464 | Ensure Oracle DB SSL (UDP:2484) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0467 | Ensure Oracle DB SSL (TCP:2484) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0475 | Ensure NetBIOS Session Service (TCP:139) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0485 | Ensure NetBIOS Name Service (TCP:137) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0499 | Ensure Memcached SSL (UDP:11215) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0501 | Ensure Memcached SSL (UDP:11214) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0503 | Ensure Memcached SSL (TCP:11215) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0504 | Ensure Memcached SSL (TCP:11215) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0509 | Ensure MSSQL Server (TCP:1433) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |