AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
AC_AZURE_0114 | Ensure HTTPS is enabled for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0117 | Ensure managed identity is used in Azure Windows Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0123 | Ensure managed identity is used in Azure Linux Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0175 | Ensure Azure RBAC (role-based access control) is used to control access to resources for Azure Function App | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0186 | Ensure that admin user is disabled for Azure Container Registry | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0188 | Ensure end-to-end TLS is enabled to encrypt and securely transmit sensitive data to the backend for Azure Application Gateway | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0405 | Ensure admin auth is properly setup for Azure PostgreSQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0589 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0179 | Ensure CORS is tightly controlled and managed for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0244 | Ensure remote debugging is turned off for Azure App Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0280 | Ensure accessibility is restricted up to 256 hosts in Azure SQL Firewall Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0390 | Ensure accessibility is restricted to 256 hosts for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0402 | Ensure audit log retention period is greater than 90 days for Azure PostgreSQL Server | Azure | Resilience | LOW |
AC_GCP_0020 | Ensure private cluster is enabled for Google Container Cluster | GCP | Infrastructure Security | HIGH |
AC_AWS_0583 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_K8S_0006 | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_AWS_0057 | Ensure CA certificate used is not older than 1 year for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0095 | Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0121 | Ensure cross zone load balancing is enabled for AWS ELB | AWS | Resilience | MEDIUM |
AC_AWS_0141 | Ensure password policy requires minimal length of 7 for AWS IAM Account Password Policy | AWS | Compliance Validation | MEDIUM |
AC_AWS_0168 | Ensure there are no hard coded keys used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0184 | Ensure deletion protection is enabled for AWS QLDB Ledger | AWS | Resilience | MEDIUM |
AC_AWS_0447 | Ensure image tag is immutable for Amazon Elastic Container Registry (Amazon ECR) Repository | AWS | Security Best Practices | MEDIUM |
AC_AWS_0457 | Ensure environment variables are protected using AWS KMS keys for AWS Lambda Functions | AWS | Data Protection | HIGH |
AC_AWS_0458 | Ensure principal is defined for every IAM policy attached to AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
AC_AZURE_0133 | Ensure notification email address is configured for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0159 | Ensure Azure Active Directory (Azure AD) has been enabled in Azure Kubernetes Cluster | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0165 | Ensure that only allowed key types are in use for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
AC_AZURE_0172 | Ensure Hyper-V generation uses v2 for Azure Image | Azure | Data Protection | LOW |
AC_AZURE_0183 | Ensure consistency level is NOT set to 'Eventual' for Azure CosmosDB Account | Azure | Security Best Practices | LOW |
AC_AZURE_0190 | Ensure auto renew of certificates is turned off for Azure App Service Certificate Order | Azure | Infrastructure Security | LOW |
AC_AZURE_0192 | Ensure auditing and monitoring is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0264 | Ensure log profile is configured to capture all activities for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0265 | Ensure Secrets are not exposed in customData used in Azure Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0291 | Ensure that logging to Azure Monitoring is configured for Azure Kubernetes Cluster | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_K8S_0050 | Ensure custom snippets annotations is not set to true for Ingress-nginx controller deployment's Kubernetes Config Map | Kubernetes | Security Best Practices | HIGH |
AC_AWS_0017 | Ensure egress filter is set as 'DROP_ALL' for AWS Application Mesh | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0087 | Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0088 | Ensure Amazon Elastic Container Service (ECS) clusters are placed in a VPC | AWS | Infrastructure Security | HIGH |
AC_AWS_0203 | Ensure Enhanced VPC routing should be enabled for AWS Redshift Clusters | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0225 | Ensure network isolation is enabled for AWS SageMaker | AWS | Security Best Practices | MEDIUM |
AC_AZURE_0105 | Ensure that the attribute 'vulnerable_tls_cipher_suite' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0106 | Ensure that the attribute 'acr_authentication' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0107 | Ensure that the attribute 'baseline' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0145 | Ensure ingestion is not supported over public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0196 | Ensure that IP restrictions rules are configured for Azure App Service | Azure | Infrastructure Security | MEDIUM |