AC_AWS_0275 | Ensure no security groups is wide open to public, that is, allows traffic from 0.0.0.0/0 to ALL ports and protocols | AWS | Infrastructure Security | HIGH |
AC_K8S_0076 | Ensure mounting of hostPaths is disallowed in Kubernetes workload configuration | Kubernetes | Identity and Access Management | HIGH |
AC_AZURE_0563 | Ensure Private Endpoints are used to access Storage Accounts | Azure | Data Protection | MEDIUM |
AC_AZURE_0564 | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Azure | Data Protection | MEDIUM |
AC_GCP_0018 | Ensure that Alpha clusters are not used for production workloads | GCP | Security Best Practices | LOW |
AC_AWS_0611 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0342 | Ensure that RDP access is restricted from the internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0357 | Ensure that UDP Services are restricted from the Internet | Azure | Infrastructure Security | HIGH |
AC_AWS_0574 | Ensure that Object-level logging for write events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AZURE_0088 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0544 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0553 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0565 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0566 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0581 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_linux_web_app | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0032 | Ensure Legacy Networks Do Not Exist for Older Projects | GCP | Infrastructure Security | LOW |
AC_GCP_0037 | Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0261 | Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0280 | Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets | GCP | Data Protection | MEDIUM |
AC_GCP_0304 | Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) | GCP | Data Protection | MEDIUM |
AC_GCP_0305 | Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes | GCP | Logging and Monitoring | MEDIUM |
AC_AWS_0033 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
AC_AWS_0080 | Ensure EBS volume encryption is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0079 | Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) | Azure | Data Protection | MEDIUM |
AC_AZURE_0242 | Ensure Diagnostic Setting captures appropriate categories | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0333 | Ensure that Activity Log Alert exists for Delete Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0397 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Azure | Infrastructure Security | LOW |
AC_AZURE_0570 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0591 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0593 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
AC_K8S_0022 | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | Identity and Access Management | HIGH |
AC_K8S_0027 | Ensure that the --insecure-bind-address argument is not set | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0037 | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0057 | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0117 | Ensure Kubernetes NetworkPolicy object is defined for every Kubernetes Namespace | Kubernetes | Infrastructure Security | MEDIUM |
AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0564 | Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | AWS | Security Best Practices | HIGH |
AC_AWS_0567 | Ensure a log metric filter and alarm exist for security group changes | AWS | Security Best Practices | HIGH |
AC_AZURE_0413 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0251 | Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_AWS_0566 | Ensure a log metric filter and alarm exist for AWS Config configuration changes | AWS | Security Best Practices | HIGH |
AC_AWS_0587 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
AC_AWS_0591 | Ensure EBS Volume Encryption is Enabled in all Regions | AWS | Data Protection | HIGH |
AC_AZURE_0025 | Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
AC_AZURE_0060 | Ensure that UDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
AC_AZURE_0562 | Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | HIGH |
AC_AZURE_0567 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0568 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_linux_web_app | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0582 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_windows_web_app | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0262 | Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured | GCP | Compliance Validation | LOW |