AC_AWS_0280 | Ensure Cassandra OpsCenter agent port (TCP,61621) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0284 | Ensure Known internal web port (TCP,8080) is not accessible by a CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0289 | Ensure MSSQL Server (TCP,1433) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0294 | Ensure Mongo Web Portal (TCP,27018) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0298 | Ensure NetBios Datagram Service (TCP,138) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0303 | Ensure Oracle DB SSL (UDP,2484) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0305 | Ensure Postgres SQL (UDP,5432) is not accessible by a CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0326 | Ensure Security Groups Unrestricted Specific Ports CassandraOpsCenteragent (TCP,61621) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0329 | Ensure Security Groups Unrestricted Specific Ports MSSQLBrowserService (UDP,1434) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0330 | Ensure Security Groups Unrestricted Specific Ports MSSQLDebugger (TCP,135) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0340 | Ensure Knowninternalwebport' (TCP,8000) not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0347 | Ensure NetBIOSSessionService' (TCP,139) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0349 | Ensure OracleDBSSL' (TCP,2484) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0350 | Ensure OracleDBSSL' (UDP,2484) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0351 | Ensure PostgresSQL' (TCP,5432) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0358 | Ensure OracleDatabaseServer' (TCP,521) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0363 | Ensure Elasticsearch' (TCP,9300) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_GCP_0018 | Ensure that Alpha clusters are not used for production workloads | GCP | Security Best Practices | LOW |
AC_K8S_0086 | The default namespace should not be used | Kubernetes | Security Best Practices | LOW |
AC_AWS_0012 | Ensure CloudWatch Logs are enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0013 | Ensure SSL Client Certificate is enabled for AWS API Gateway Stage | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0016 | Ensure Auto-scaling is configured for both index and tables in AWS DynamoDb | AWS | Compliance Validation | MEDIUM |
AC_AWS_0062 | Ensure performance insights are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0082 | Ensure AWS best practices are followed while deciding names for tags in AWS EBS volumes | AWS | Compliance Validation | LOW |
AC_AWS_0104 | Ensure multi-az is configured for AWS ElastiCache Clusters | AWS | Resilience | MEDIUM |
AC_AWS_0105 | Ensure slow logs (index slow logs) are enabled for AWS ElasticSearch Domain | AWS | Compliance Validation | MEDIUM |
AC_AWS_0124 | Ensure termination protection is enabled for AWS EMR clusters | AWS | Resilience | MEDIUM |
AC_AWS_0170 | Ensure there are no hard coded scripts used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0187 | Ensure copy tags to snapshots feature is enabled for Amazon Relational Database Service (Amazon RDS) clusters | AWS | Compliance Validation | LOW |
AC_AWS_0188 | Ensure deletion protection is enabled for Amazon Relational Database Service (Amazon RDS) clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0190 | Ensure backtracking is enabled for Amazon Relational Database Service (Amazon RDS) cluster | AWS | Compliance Validation | MEDIUM |
AC_AWS_0191 | Ensure default ports are not used by Amazon Relational Database Service (Amazon RDS) instances | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0389 | Ensure feature to compress objects automatically is configured for AWS Cloudfront | AWS | Compliance Validation | LOW |
AC_AWS_0430 | Ensure there are no unnamed AWS EC2 instances | AWS | Compliance Validation | LOW |
AC_AWS_0456 | Ensure IMDSv1 is disabled for AWS EC2 instances in AWS Launch Configuration | AWS | Infrastructure Security | HIGH |
AC_AWS_0483 | Ensure there is no policy with an invalid principal format for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0484 | Ensure there is no policy with an invalid principal key for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0486 | Ensure there is no policy with an invalid principal key for Amazon Simple Queue Service (SQS) Queue | AWS | Identity and Access Management | LOW |
AC_AWS_0548 | Ensure logging is enabled for AWS CloudFront | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0620 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
AC_AZURE_0112 | Ensure Time To Live (TTL) of the DNS record is not more than 60 minutes for Azure Private DNS Cname Record | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0127 | Ensure that Azure Active Directory Admin is configured for Azure MySQL Single Server | Azure | Identity and Access Management | HIGH |
AC_AZURE_0221 | Ensure CORS is configured to allow only trusted clients for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0222 | Ensure failing azure functions have email alerts configured for Azure Monitor Action Group | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0267 | Ensure that 'Phone number' is set for Azure Security Center Contact | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0269 | Ensure that Accelerated Networking feature is enabled for Azure virtual machines (VMs) | Azure | Compliance Validation | LOW |
AC_AZURE_0297 | Ensure that Azure Files are used for Azure App Service | Azure | Resilience | MEDIUM |
AC_AZURE_0302 | Ensure read, write and delete request logging is enabled for queue service in Azure Storage Account | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0306 | Ensures that Active Directory is used for authentication for Azure Service Fabric Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0363 | Ensure ssh keys are used to auth Azure Virtual Machine | Azure | Identity and Access Management | MEDIUM |