AC_AZURE_0135 | Ensure public access is disabled for Azure MSSQL Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0136 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0137 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0138 | Ensure geo-redundant backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
AC_AZURE_0139 | Ensure regular backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
AC_AZURE_0140 | Ensure public access is disabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0141 | Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0142 | Ensure CORS is tightly controlled and managed for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0143 | Ensure that 'Unattached disks' are encrypted in Azure Managed Disk | Azure | Data Protection | MEDIUM |
AC_AZURE_0144 | Ensure queries are not supported over the public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0145 | Ensure ingestion is not supported over public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0146 | Ensure log analytics workspace has daily quota value set for Azure Log Analytics Workspace | Azure | Compliance Validation | LOW |
AC_AZURE_0147 | Ensure Azure log retention is set at least 90 days for Azure Log Analytics Workspace | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0149 | Ensure anti-malware protection is enabled with real time protection for Azure Linux Virtual Machine Scale Set | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0150 | Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0151 | Ensure LinuxDiagnostic is enabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0152 | Ensure disk encryption is enabled for Azure Linux Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
AC_AZURE_0153 | Ensure overprovisioning is disabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | LOW |
AC_AZURE_0154 | Ensure that TLS is enforced for Azure Load Balancer | Azure | Resilience | LOW |
AC_AZURE_0155 | Ensure encryption is configured for Azure Kubernetes Cluster using a customer managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0157 | Ensure that pod security policy is enabled for Azure Kubernetes Cluster | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0158 | Ensure network policy is configured for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0159 | Ensure Azure Active Directory (Azure AD) has been enabled in Azure Kubernetes Cluster | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0160 | Ensure that private cluster is enabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0161 | Ensure that kubernetes dashboard is disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0162 | Ensure secrets have content type set for Azure Key Vault Secret | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0165 | Ensure that only allowed key types are in use for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
AC_AZURE_0166 | Ensure that RSA keys have the specified minimum key size for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
AC_AZURE_0167 | Ensure the Key Vault is Recoverable | Azure | Data Protection | MEDIUM |
AC_AZURE_0168 | Ensure access level is set to 'Read' for Azure Managed Disk SAS Token | Azure | Data Protection | MEDIUM |
AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
AC_AZURE_0171 | Ensure zone resiliency is turned on for all Azure Image | Azure | Resilience | LOW |
AC_AZURE_0172 | Ensure Hyper-V generation uses v2 for Azure Image | Azure | Data Protection | LOW |
AC_AZURE_0173 | Ensure 'ReadOnly' cache is enabled on Data disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
AC_AZURE_0174 | Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
AC_AZURE_0175 | Ensure Azure RBAC (role-based access control) is used to control access to resources for Azure Function App | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0176 | Ensure managed identity is used in Azure Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0177 | Ensure latest TLS version is in use for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0178 | Ensure HTTPS is enabled for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0179 | Ensure CORS is tightly controlled and managed for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0180 | Ensure load balancer is enabled for Azure Front Door | Azure | Resilience | MEDIUM |
AC_AZURE_0181 | Ensure Azure services are zone redundant for Azure Eventhub Namespace | Azure | Resilience | MEDIUM |
AC_AZURE_0182 | Ensure auto inflate is enabled for Azure Eventhub Namespace | Azure | Compliance Validation | LOW |
AC_AZURE_0183 | Ensure consistency level is NOT set to 'Eventual' for Azure CosmosDB Account | Azure | Security Best Practices | LOW |
AC_AZURE_0184 | Ensure to filter source IP's for Azure CosmosDB Account | Azure | Infrastructure Security | HIGH |