| AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
| AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
| AC_AWS_0207 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
| AC_AZURE_0419 | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Azure | Resilience | MEDIUM |
| AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
| AC_AZURE_0412 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
| AC_GCP_0005 | Ensure That Service Account Has No Admin Privileges - google_project_iam_member | GCP | Identity and Access Management | HIGH |
| AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
| AC_AWS_0510 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0513 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0516 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0519 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0520 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0521 | Ensure Cassandra Thrift (TCP:9160) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0525 | Ensure LDAP (TCP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0535 | Ensure Memcached SSL (UDP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0539 | Ensure Oracle DB (UDP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0543 | Ensure Redis without SSL (TCP:6379) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0054 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Infrastructure Security | HIGH |
| AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0570 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0591 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
| AC_AWS_0098 | Ensure Customer Managed Keys (CMK) are used for encryption of AWS Elastic File System (EFS) | AWS | Data Protection | HIGH |
| AC_AWS_0197 | Ensure KMS customer managed key (CMK) for encryption of AWS Redshift clusters | AWS | Security Best Practices | HIGH |
| AC_AWS_0198 | Ensure encryption is enabled for AWS Redshift clusters | AWS | Data Protection | MEDIUM |
| AC_AWS_0206 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets | AWS | Data Protection | HIGH |
| AC_AWS_0275 | Ensure no security groups is wide open to public, that is, allows traffic from 0.0.0.0/0 to ALL ports and protocols | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
| AC_AZURE_0136 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Logging and Monitoring | MEDIUM |
| AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0137 | Eliminate use of the root user for administrative and daily tasks | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0589 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_GCP_0004 | Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account | GCP | Identity and Access Management | LOW |
| AC_GCP_0028 | Ensure Legacy Authorization (ABAC) is Disabled | GCP | Identity and Access Management | HIGH |
| AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| S3_AWS_0005 | Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| AC_AZURE_0342 | Ensure that RDP access is restricted from the internet | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0357 | Ensure that UDP Services are restricted from the Internet | Azure | Infrastructure Security | HIGH |
| AC_AWS_0632 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AZURE_0373 | Ensure that 'Secure transfer required' is set to 'Enabled' | Azure | Data Protection | HIGH |
| AC_GCP_0010 | Ensure That the Default Network Does Not Exist in a Project - google_project | GCP | Infrastructure Security | LOW |
| AC_GCP_0234 | Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled | GCP | Identity and Access Management | LOW |
| AC_GCP_0239 | Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_member | GCP | Identity and Access Management | HIGH |
| AC_GCP_0253 | Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
| AC_GCP_0027 | Ensure Master Authorized Networks is Enabled | GCP | Infrastructure Security | HIGH |
| AC_AWS_0138 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
| AC_AZURE_0574 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
