AC_K8S_0044 | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0053 | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | Identity and Access Management | LOW |
AC_AZURE_0557 | Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0006 | Ensure Amazon Machine Image (AMI) is not shared among multiple accounts | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
AC_AWS_0070 | Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instances | AWS | Security Best Practices | MEDIUM |
AC_AWS_0109 | Ensure latest version of elasticsearch engine is used for AWS ElasticSearch Domains | AWS | Compliance Validation | MEDIUM |
AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0178 | Ensure customer owned KMS key is used for encrypting AWS MQ Brokers | AWS | Data Protection | HIGH |
AC_AWS_0451 | Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log Group | AWS | Data Protection | HIGH |
AC_AWS_0460 | Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery Stream | AWS | Data Protection | HIGH |
AC_AZURE_0134 | Ensure that minimum TLS version is set to 1.2 for Azure MSSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0224 | Ensure latest TLS/SSL version is in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0360 | Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
AC_GCP_0016 | Ensure container-optimized OS (COS) is used for Google Container Node Pool | GCP | Compliance Validation | LOW |
AC_GCP_0289 | Ensure cloud instance snapshots are encrypted through Google Compute Snapshot | GCP | Data Protection | MEDIUM |
AC_GCP_0366 | Ensure API Keys Are Restricted to Only APIs That Application Needs Access | GCP | Security Best Practices | MEDIUM |
AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_K8S_0032 | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
S3_AWS_0005 | Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
AC_AWS_0223 | Ensure 'allow getAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0224 | Ensure 'allow putAcl actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AZURE_0121 | Ensure HTTPS is enabled for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0125 | Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
S3_AWS_0013 | Ensure there are no world-writeable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
S3_AWS_0014 | Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
AC_AZURE_0376 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_K8S_0018 | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | Identity and Access Management | MEDIUM |
S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_GCP_0015 | Ensure Node Auto-Repair is enabled for GKE nodes | GCP | Security Best Practices | LOW |
AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
AC_K8S_0055 | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_GCP_0027 | Ensure Master Authorized Networks is Enabled | GCP | Infrastructure Security | HIGH |
AC_AWS_0097 | Ensure VPC is enabled for AWS Redshift Cluster | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0123 | Ensure access logging is enabled for AWS ELB | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0164 | Ensure VPC access is enabled for AWS Lambda Functions | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0392 | Ensure public IP address is not used AWS EC2 instances | AWS | Infrastructure Security | HIGH |
AC_AWS_0399 | Ensure public IP address is not assigned to Amazon Elastic Container Service (ECS) | AWS | Infrastructure Security | HIGH |
AC_AWS_0578 | Ensure AWS NAT Gateways are used instead of default routes for AWS Route Table | AWS | Data Protection | HIGH |
AC_AZURE_0092 | Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | HIGH |
AC_AZURE_0098 | Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0101 | Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to false | Azure | Infrastructure Security | HIGH |
AC_AZURE_0102 | Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0109 | Ensure public IP addresses are not assigned to Azure Linux Virtual Machines | Azure | Security Best Practices | HIGH |
AC_AZURE_0206 | Ensure cross account access is disabled for Azure SQL Firewall Rule | Azure | Identity and Access Management | MEDIUM |