| AC_AWS_0284 | Ensure Known internal web port (TCP,8080) is not accessible by a CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0289 | Ensure MSSQL Server (TCP,1433) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0294 | Ensure Mongo Web Portal (TCP,27018) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0298 | Ensure NetBios Datagram Service (TCP,138) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0303 | Ensure Oracle DB SSL (UDP,2484) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0305 | Ensure Postgres SQL (UDP,5432) is not accessible by a CIDR block range | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0326 | Ensure Security Groups Unrestricted Specific Ports CassandraOpsCenteragent (TCP,61621) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0329 | Ensure Security Groups Unrestricted Specific Ports MSSQLBrowserService (UDP,1434) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0330 | Ensure Security Groups Unrestricted Specific Ports MSSQLDebugger (TCP,135) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0340 | Ensure Knowninternalwebport' (TCP,8000) not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0347 | Ensure NetBIOSSessionService' (TCP,139) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0349 | Ensure OracleDBSSL' (TCP,2484) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0350 | Ensure OracleDBSSL' (UDP,2484) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0351 | Ensure PostgresSQL' (TCP,5432) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0358 | Ensure OracleDatabaseServer' (TCP,521) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0363 | Ensure Elasticsearch' (TCP,9300) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0510 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0513 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0516 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0519 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0520 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0521 | Ensure Cassandra Thrift (TCP:9160) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0525 | Ensure LDAP (TCP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0535 | Ensure Memcached SSL (UDP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0539 | Ensure Oracle DB (UDP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0543 | Ensure Redis without SSL (TCP:6379) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0556 | Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0578 | Ensure AWS NAT Gateways are used instead of default routes for AWS Route Table | AWS | Data Protection | HIGH |
| AC_AWS_0612 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
| AC_AZURE_0092 | Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0206 | Ensure cross account access is disabled for Azure SQL Firewall Rule | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0224 | Ensure latest TLS/SSL version is in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0342 | Ensure that RDP access is restricted from the internet | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0351 | Ensure Azure Web Application Firewall Policy is enabled | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0353 | Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0357 | Ensure that UDP Services are restricted from the Internet | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0381 | Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule | Azure | Infrastructure Security | HIGH |
| AC_GCP_0052 | Ensure SQL Server Analysis Service browser (TCP:2382) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0059 | Ensure MSSQL Admin (TCP:1434) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0062 | Ensure VNC Server (TCP:5900) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0068 | Ensure Known internal web port (TCP:8080) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0069 | Ensure Known internal web port (TCP:8000) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0077 | Ensure SaltStack Master (TCP:4505) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0080 | Ensure CIFS / SMB (TCP:3020) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0095 | Ensure NetBios Session Service (TCP:139) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0107 | Ensure NetBIOS Name Service (TCP:137) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0109 | Ensure POP3 (TCP:110) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0112 | Ensure SMTP (TCP:25) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0115 | Ensure Microsoft-DS (TCP:445) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
