AC_K8S_0021 | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0026 | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0044 | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0053 | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | Identity and Access Management | LOW |
AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_AWS_0007 | Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0171 | Ensure zone resiliency is turned on for all Azure Image | Azure | Resilience | LOW |
AC_AZURE_0181 | Ensure Azure services are zone redundant for Azure Eventhub Namespace | Azure | Resilience | MEDIUM |
AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0332 | Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_GCP_0336 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
AC_K8S_0062 | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_K8S_0063 | Ensure that the --peer-auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_K8S_0032 | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
S3_AWS_0005 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AWS_0151 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
AC_AWS_0585 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
AC_AZURE_0409 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0555 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
AC_GCP_0027 | Ensure Master Authorized Networks is Enabled | GCP | Infrastructure Security | HIGH |
AC_K8S_0055 | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_GCP_0296 | Ensure Container-Optimized OS (cos_containerd) is used for GKE node images | GCP | Compliance Validation | LOW |
AC_K8S_0060 | Ensure that the --auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
AC_GCP_0271 | Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0375 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Compliance Validation | LOW |
AC_GCP_0025 | Ensure use of VPC-native clusters | GCP | Compliance Validation | HIGH |
AC_GCP_0030 | Ensure Stackdriver Kubernetes Logging and Monitoring is Enabled | GCP | Logging and Monitoring | HIGH |
AC_GCP_0337 | Ensure Cloud Asset Inventory Is Enabled | GCP | Logging and Monitoring | MEDIUM |
AC_K8S_0090 | Ensure that the --basic-auth-file argument is not set | Kubernetes | Identity and Access Management | MEDIUM |
AC_AWS_0428 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
AC_AZURE_0085 | Ensure that logging for Azure Key Vault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0338 | Ensure that Activity Log Alert exists for Delete Security Solution | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0343 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0396 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0585 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_GCP_0319 | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
AC_AWS_0095 | Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0121 | Ensure cross zone load balancing is enabled for AWS ELB | AWS | Resilience | MEDIUM |
AC_AWS_0141 | Ensure password policy requires minimal length of 7 for AWS IAM Account Password Policy | AWS | Compliance Validation | MEDIUM |
AC_AWS_0168 | Ensure there are no hard coded keys used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0184 | Ensure deletion protection is enabled for AWS QLDB Ledger | AWS | Resilience | MEDIUM |
AC_AWS_0447 | Ensure image tag is immutable for Amazon Elastic Container Registry (Amazon ECR) Repository | AWS | Security Best Practices | MEDIUM |
AC_AWS_0457 | Ensure environment variables are protected using AWS KMS keys for AWS Lambda Functions | AWS | Data Protection | HIGH |