AC_K8S_0036 | Ensure that the --service-account-lookup argument is set to true | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0052 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | LOW |
AC_GCP_0005 | Ensure That Service Account Has No Admin Privileges - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_K8S_0021 | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0026 | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0044 | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0053 | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | Identity and Access Management | LOW |
AC_AZURE_0246 | Ensure that 'Java version' is the latest, if used to run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0212 | Ensure the "Minimum TLS version" is set to "Version 1.2" | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
S3_AWS_0005 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
AC_AWS_0134 | Ensure password policy requires at least one lowercase character for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AZURE_0216 | Ensure that a 'Diagnostics Setting' exists | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0324 | Ensure that Microsoft Defender for Container Registries is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0331 | Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0552 | Enable Role Based Access Control for Azure Key Vault | Azure | Data Protection | LOW |
AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
AC_AZURE_0019 | Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0556 | Ensure That No Custom Subscription Administrator Roles Exist | Azure | Identity and Access Management | MEDIUM |
AC_AWS_0057 | Ensure CA certificate used is not older than 1 year for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AZURE_0165 | Ensure that only allowed key types are in use for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
AC_AZURE_0190 | Ensure auto renew of certificates is turned off for Azure App Service Certificate Order | Azure | Infrastructure Security | LOW |
AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0270 | Ensure the GKE Metadata Server is Enabled | GCP | Security Best Practices | LOW |
S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0401 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_K8S_0102 | Ensure impersonate access to Kubernetes resources is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
AC_AWS_0428 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0025 | Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
AC_AWS_0027 | Ensure there is no IAM policy with invalid partition used for resource ARN | AWS | Identity and Access Management | LOW |
AC_AWS_0031 | Ensure only lower case letters are in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
AC_AWS_0130 | Ensure 'Job Bookmark Encryption' is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0398 | Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0404 | Ensure Principal is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0405 | Ensure NotPrincipal is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0410 | Ensure wildcards(*) are only at end of strings in Action of AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0425 | Ensure root access is disabled for AWS SageMaker Notebook instances | AWS | Security Best Practices | HIGH |
AC_AWS_0433 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy Attachment | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0436 | Ensure automatic backups are enabled for AWS Elasticache Cluster | AWS | Data Protection | MEDIUM |
AC_AWS_0478 | Ensure that IP range is specified in CIDR format for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0479 | Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
AC_AWS_0482 | Ensure there is no policy with invalid principal key for AWS S3 Bucket policy | AWS | Identity and Access Management | LOW |
AC_AWS_0489 | Ensure Creation of SLR with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0495 | Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AZURE_0115 | Ensure that authentication feature is enabled for Azure Linux Function App | Azure | Security Best Practices | LOW |