AC_GCP_0305 | Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes | GCP | Logging and Monitoring | MEDIUM |
AC_AWS_0574 | Ensure that Object-level logging for write events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AZURE_0088 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0389 | Ensure resource lock enabled for Azure Resource Group | Azure | Identity and Access Management | LOW |
AC_AWS_0448 | Ensure log retention period of at least 90 days retention period for AWS CloudWatch Log Group | AWS | Security Best Practices | HIGH |
AC_AZURE_0142 | Ensure CORS is tightly controlled and managed for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_AZURE_0557 | Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
AC_K8S_0021 | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0026 | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0044 | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0053 | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | Identity and Access Management | LOW |
AC_AZURE_0570 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0591 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0253 | Ensure system-assigned managed identity authentication is used for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0290 | Ensure that Azure policies add-on are used for Azure Kubernetes Cluster | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0362 | Ensure boot diagnostics are enabled for Azure Virtual Machine | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0550 | Ensure disk encryption is enabled for Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
AC_GCP_0022 | Ensure PodSecurityPolicy controller is enabled on Google Container Cluster | GCP | Compliance Validation | HIGH |
AC_GCP_0274 | Ensure OSLogin is enabled for centralized SSH key pair management using Google Project | GCP | Identity and Access Management | MEDIUM |
AC_GCP_0275 | Ensure multi-factor authentication is enabled for Google Compute Project Metadata | GCP | Security Best Practices | LOW |
AC_AWS_0025 | Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
AC_AWS_0027 | Ensure there is no IAM policy with invalid partition used for resource ARN | AWS | Identity and Access Management | LOW |
AC_AWS_0031 | Ensure only lower case letters are in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
AC_AWS_0037 | Ensure logging for global services is enabled for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0130 | Ensure 'Job Bookmark Encryption' is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0398 | Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0404 | Ensure Principal is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0405 | Ensure NotPrincipal is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0410 | Ensure wildcards(*) are only at end of strings in Action of AWS Organization policies | AWS | Security Best Practices | LOW |
AC_AWS_0425 | Ensure root access is disabled for AWS SageMaker Notebook instances | AWS | Security Best Practices | HIGH |
AC_AWS_0433 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy Attachment | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0436 | Ensure automatic backups are enabled for AWS Elasticache Cluster | AWS | Data Protection | MEDIUM |
AC_AWS_0478 | Ensure that IP range is specified in CIDR format for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0479 | Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
AC_AWS_0482 | Ensure there is no policy with invalid principal key for AWS S3 Bucket policy | AWS | Identity and Access Management | LOW |
AC_AWS_0489 | Ensure Creation of SLR with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0495 | Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AZURE_0115 | Ensure that authentication feature is enabled for Azure Linux Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0139 | Ensure regular backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_K8S_0032 | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
S3_AWS_0005 | Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0564 | Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | AWS | Security Best Practices | HIGH |
AC_AWS_0567 | Ensure a log metric filter and alarm exist for security group changes | AWS | Security Best Practices | HIGH |
AC_AZURE_0373 | Ensure that 'Secure transfer required' is set to 'Enabled' | Azure | Data Protection | HIGH |
AC_GCP_0010 | Ensure That the Default Network Does Not Exist in a Project - google_project | GCP | Infrastructure Security | LOW |
AC_GCP_0234 | Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled | GCP | Identity and Access Management | LOW |