AC_AWS_0480 | Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
AC_AWS_0488 | Ensure there is no IAM policy with invalid policy element | AWS | Identity and Access Management | LOW |
AC_AWS_0490 | Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked roles | AWS | Identity and Access Management | HIGH |
AC_AWS_0497 | Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AWS_0550 | Ensure actions '*' and resource '*' are not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AZURE_0157 | Ensure that pod security policy is enabled for Azure Kubernetes Cluster | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0278 | Ensure HTTP is disallowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AWS_0583 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_K8S_0006 | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_AZURE_0416 | Ensure that traffic analytics is enabled via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0418 | Ensure that Network Watcher is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
AC_GCP_0038 | Ensure default setting for OSLogin is not overridden by Google Compute Instance | GCP | Identity and Access Management | LOW |
AC_AWS_0226 | Ensure secrets should be auto-rotated after not more than 90 days | AWS | Compliance Validation | HIGH |
AC_AWS_0470 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0386 | Ensure that inline policy does not expose secrets in AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AZURE_0214 | Ensure Azure Keyvaults are used to store secrets | Azure | Data Protection | LOW |
AC_AZURE_0356 | Ensure every subnet block is configured with a Network Security Group in Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0385 | Ensure that standard pricing tiers are selected in Azure Security Center Subscription Pricing | Azure | Security Best Practices | MEDIUM |
AC_GCP_0233 | Ensure logging is enabled for Google Cloud Storage Buckets | GCP | Logging and Monitoring | LOW |
AC_AZURE_0360 | Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
AC_GCP_0016 | Ensure container-optimized OS (COS) is used for Google Container Node Pool | GCP | Compliance Validation | LOW |
AC_GCP_0289 | Ensure cloud instance snapshots are encrypted through Google Compute Snapshot | GCP | Data Protection | MEDIUM |
AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0006 | Ensure Amazon Machine Image (AMI) is not shared among multiple accounts | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
AC_AWS_0070 | Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instances | AWS | Security Best Practices | MEDIUM |
AC_AWS_0109 | Ensure latest version of elasticsearch engine is used for AWS ElasticSearch Domains | AWS | Compliance Validation | MEDIUM |
AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0178 | Ensure customer owned KMS key is used for encrypting AWS MQ Brokers | AWS | Data Protection | HIGH |
AC_AWS_0451 | Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log Group | AWS | Data Protection | HIGH |
AC_AWS_0460 | Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery Stream | AWS | Data Protection | HIGH |
AC_AZURE_0134 | Ensure that minimum TLS version is set to 1.2 for Azure MSSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0224 | Ensure latest TLS/SSL version is in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0075 | Ensure deletion protection is enabled for AWS DocumentDB Clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0117 | Ensure latest TLS version is used for AWS ElasticSearch Nodes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0154 | Ensure IMDSv1 is disabled for AWS EC2 instances | AWS | Infrastructure Security | HIGH |
AC_AWS_0367 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway Volumes | AWS | Security Best Practices | HIGH |
AC_AWS_0375 | Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0376 | Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tables | AWS | Data Protection | HIGH |
AC_AWS_0379 | Ensure all data stored is encrypted in-transit for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0380 | Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0423 | Ensure SSL is enforced for parameter groups associated with AWS Redshift clusters | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0463 | Ensure Transit Encryption is enabled for Amazon Elastic Container Service (ECS) Task Definition using Elastic File System (EFS) Volumes | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0576 | Ensure private subnets are not used to deploy AWS NAT Gateways | AWS | Data Protection | HIGH |
AC_AZURE_0095 | Ensure TLS 1.2 or greater is used for IoT Hub | Azure | Infrastructure Security | HIGH |
AC_AZURE_0151 | Ensure LinuxDiagnostic is enabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |