AC_GCP_0263 | Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges | GCP | Compliance Validation | LOW |
AC_GCP_0273 | Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0279 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0306 | Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0309 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0310 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes | GCP | Logging and Monitoring | MEDIUM |
AC_AWS_0632 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
AC_AZURE_0373 | Ensure that 'Secure transfer required' is set to 'Enabled' | Azure | Data Protection | HIGH |
AC_GCP_0010 | Ensure That the Default Network Does Not Exist in a Project - google_project | GCP | Infrastructure Security | LOW |
AC_GCP_0234 | Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled | GCP | Identity and Access Management | LOW |
AC_GCP_0239 | Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0253 | Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
AC_GCP_0237 | Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_iam_binding | GCP | Identity and Access Management | MEDIUM |
AC_K8S_0129 | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | Compliance Validation | MEDIUM |
CIS_AZURE_0217 | Ensure Storage for Critical Data are Encrypted with Customer Managed Keys | Azure | Data Protection | MEDIUM |
AC_AZURE_0069 | Ensure that Activity Log Alert exists for Create or Update Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0072 | Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0558 | Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
AC_AZURE_0086 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0122 | Ensure FTP deployments are Disabled - azurerm_linux_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0131 | Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0573 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0583 | Ensure FTP deployments are Disabled - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0138 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
AC_GCP_0002 | Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL | GCP | Infrastructure Security | HIGH |
AC_K8S_0001 | Configure Image Provenance using ImagePolicyWebhook admission controller | Kubernetes | Identity and Access Management | MEDIUM |
AC_AWS_0586 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
AC_AWS_0588 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
AC_GCP_0313 | Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | GCP | Data Protection | MEDIUM |
AC_AWS_0209 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
AC_GCP_0035 | Ensure Compute instances are launched with Shielded VM enabled | GCP | Infrastructure Security | LOW |
AC_AZURE_0180 | Ensure load balancer is enabled for Azure Front Door | Azure | Resilience | MEDIUM |
AC_AZURE_0347 | Ensure that automatic failover is enabled for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
AC_GCP_0282 | Ensure That Compute Instances Do Not Have Public IP Addresses | GCP | Infrastructure Security | MEDIUM |
AC_AWS_0605 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0167 | Ensure the Key Vault is Recoverable | Azure | Data Protection | MEDIUM |
AC_AZURE_0408 | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Azure | Infrastructure Security | HIGH |
AC_GCP_0033 | Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0099 | Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately | GCP | Compliance Validation | LOW |
AC_GCP_0299 | Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter | GCP | Compliance Validation | LOW |
AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
AC_K8S_0047 | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0058 | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0109 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AWS_0038 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
S3_AWS_0010 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |