| AC_K8S_0015 | Ensure Kubernetes Network policy does not allow ingress from public IPs to SSH | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0016 | Ensure Kubernetes Network policy does not allow ingress from public IPs to access sql servers | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0017 | Ensure Kubernetes Network policy does not allow ingress from public IPs to access Redis servers | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0060 | Ensure that the --auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0062 | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0063 | Ensure that the --peer-auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0088 | Ensure mounting Docker socket daemon in a container is limited | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0111 | Ensure for exposing Kubernetes workload to the internet, NodePort service is not used | Kubernetes | Infrastructure Security | LOW |
| AC_K8S_0124 | Ensure envoy proxies are not configured in permissive mode in Istio Peer Authentication | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0270 | Ensure CIFS / SMB (TCP:3020) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0273 | Ensure Cassandra (TCP:7001) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0274 | Ensure Cassandra (TCP:7001) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0275 | Ensure Cassandra (TCP:7001) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0292 | Ensure that public access is disabled in Azure Key Vault | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0424 | Ensure VNC Server (TCP:5900) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0428 | Ensure Telnet (TCP:23) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0431 | Ensure SaltStack Master (TCP:4506) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0436 | Ensure SaltStack Master (TCP:4505) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0438 | Ensure SQL Server Analysis (TCP:2383) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0443 | Ensure SNMP (Udp:161) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0453 | Ensure web port (TCP:3000) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0461 | Ensure POP3 (TCP:110) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0462 | Ensure POP3 (TCP:110) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0468 | Ensure Oracle DB SSL (TCP:2484) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0474 | Ensure NetBIOS Session Service (TCP:139) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0476 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0477 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0478 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0482 | Ensure NetBIOS Name Service (Udp:137) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0488 | Ensure MySQL (TCP:3306) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0493 | Ensure Mongo Web Portal (TCP:27018) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0497 | Ensure Memcached SSL (Udp:11215) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0510 | Ensure MSSQL Server (TCP:1433) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0516 | Ensure MSSQL Browser (Udp:1434) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0518 | Ensure MSSQL Admin (TCP:1434) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0531 | Ensure Hadoop Name Node (TCP:9000) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0570 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_GCP_0002 | Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL | GCP | Infrastructure Security | HIGH |
| AC_GCP_0010 | Ensure That the Default Network Does Not Exist in a Project - google_project | GCP | Infrastructure Security | LOW |
| AC_GCP_0032 | Ensure Legacy Networks Do Not Exist for Older Projects | GCP | Infrastructure Security | LOW |
| AC_GCP_0037 | Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0282 | Ensure That Compute Instances Do Not Have Public IP Addresses | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0319 | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
| AC_K8S_0051 | Prefer using secrets as files over secrets as environment variables | Kubernetes | Infrastructure Security | HIGH |
| AC_AWS_0065 | Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hosts | AWS | Infrastructure Security | HIGH |
| AC_AWS_0066 | Ensure Amazon Relational Database Service (Amazon RDS) instances do not have public interface defined | AWS | Infrastructure Security | HIGH |
| AC_AWS_0115 | Ensure HTTPS-only is enforced for AWS ElasticSearch Domain | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0172 | Ensure recommended SSL/TLS protocol version is used for AWS Elastic Load Balancers (ELB) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0173 | Ensure a default root object is configured for AWS Cloudfront Distribution | AWS | Infrastructure Security | MEDIUM |
