| AC_AWS_0353 | Ensure Prevalentknowninternalport' (TCP,3000) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0354 | Ensure PuppetMaster' (TCP,8140) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0355 | Ensure SNMP' (UDP,161) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0356 | Ensure SQLServerAnalysisServicebrowser' (TCP,2382) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0357 | Ensure SQLServerAnalysisServices' (TCP,2383) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0358 | Ensure OracleDatabaseServer' (TCP,521) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0359 | Ensure Telnet' (TCP,23) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0360 | Ensure SMTP' (TCP,25) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0361 | Ensure CIFSforfile/printer' (TCP,445) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0362 | Ensure MongoDB' (TCP,27017) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0363 | Ensure Elasticsearch' (TCP,9300) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0364 | Ensure server side encryption (SSE) is enabled for Amazon Simple Notification Service (SNS) Topic | AWS | Data Protection | MEDIUM |
| AC_AWS_0365 | Ensure Amazon Simple Queue Service (SQS) is not exposed to public | AWS | Identity and Access Management | HIGH |
| AC_AWS_0366 | Ensure Server Side Encryption (SSE) is enabled Amazon Simple Queue Service (SQS) queue | AWS | Security Best Practices | HIGH |
| AC_AWS_0367 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway Volumes | AWS | Security Best Practices | HIGH |
| AC_AWS_0368 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway File Shares | AWS | Security Best Practices | HIGH |
| AC_AWS_0369 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
| AC_AWS_0370 | Ensure default VPC is not used for AWS VPC | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0371 | Ensure user volumes are encrypted for the AWS Workspaces | AWS | Data Protection | MEDIUM |
| AC_AWS_0372 | Ensure root volumes are encrypted for the AWS Workspaces | AWS | Data Protection | MEDIUM |
| AC_AWS_0373 | Ensure running mode is set to AutoStop for AWS Workspaces | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0374 | Ensure data encryption is enabled for AWS X-Ray | AWS | Data Protection | HIGH |
| AC_AWS_0375 | Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tables | AWS | Data Protection | MEDIUM |
| AC_AWS_0376 | Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tables | AWS | Data Protection | HIGH |
| AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
| AC_AWS_0378 | Ensure all data stored is encrypted at-rest for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
| AC_AWS_0379 | Ensure all data stored is encrypted in-transit for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
| AC_AWS_0380 | Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
| AC_AWS_0381 | Ensure public access is disabled for AWS Neptune cluster instances | AWS | Data Protection | MEDIUM |
| AC_AWS_0382 | Ensure that cluster nodes are of given types for AWS Redshift Cluster | AWS | Compliance Validation | LOW |
| AC_AWS_0383 | Ensure AWS Redshift database clusters are not using 'awsuser' (default master user name) for database access | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0384 | Ensure data encryption is enabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
| AC_AWS_0385 | Ensure public access is disabled for Amazon Simple Notification Service (SNS) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0386 | Ensure that inline policy does not expose secrets in AWS Secrets Manager | AWS | Security Best Practices | HIGH |
| AC_AWS_0387 | Ensure that access policy does not allow anonymous access for AWS Secrets Manager | AWS | Security Best Practices | HIGH |
| AC_AWS_0388 | Ensure field-level encryption is enabled for AWS CloudFront distribution | AWS | Data Protection | MEDIUM |
| AC_AWS_0389 | Ensure feature to compress objects automatically is configured for AWS Cloudfront | AWS | Compliance Validation | LOW |
| AC_AWS_0390 | Ensure origin access identity is enabled for AWS CloudFront distributions with S3 origin | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0391 | Ensure 'public IP on launch' is not enabled for AWS Subnets | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0392 | Ensure public IP address is not used AWS EC2 instances | AWS | Infrastructure Security | HIGH |
| AC_AWS_0393 | Ensure automated backup using EFS Backup policy is enabled for AWS Elastic File System (EFS) | AWS | Resilience | MEDIUM |
| AC_AWS_0394 | Ensure secure ciphers are used for AWS CloudFront distribution | AWS | Data Protection | HIGH |
| AC_AWS_0395 | Ensure logging is enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0396 | Ensure requests greater than 8 KB are blocked by AWS Web Application Firewall | AWS | Security Best Practices | HIGH |
| AC_AWS_0397 | Ensure multiple ENI are not attached to a single AWS Instance | AWS | Security Best Practices | LOW |
| AC_AWS_0398 | Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0399 | Ensure public IP address is not assigned to Amazon Elastic Container Service (ECS) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0400 | Ensure active tracing is enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
| AC_AWS_0401 | Ensure encryption at rest is enabled for AWS Backup Vault | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0402 | Ensure wildcards(*) are not used in IAM policies for AWS Backup Vault Policy | AWS | Infrastructure Security | MEDIUM |
