| AC_K8S_0034 | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
| AC_AZURE_0028 | Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | Azure | Data Protection | HIGH |
| AC_AZURE_0059 | Ensure that HTTP(S) access from the Internet is evaluated and restricted | Azure | Infrastructure Security | LOW |
| AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0330 | Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0370 | Ensure that 'Public access level' is disabled for storage accounts with blob containers | Azure | Infrastructure Security | HIGH |
| AC_K8S_0061 | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AWS_0156 | Ensure cross-zone load balancing is enabled for AWS LB (Load Balancer) | AWS | Resilience | MEDIUM |
| AC_AWS_0400 | Ensure active tracing is enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
| AC_AZURE_0241 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
| AC_GCP_0276 | Ensure use of Binary Authorization | GCP | Infrastructure Security | LOW |
| AC_GCP_0327 | Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | GCP | Infrastructure Security | LOW |
| AC_GCP_0330 | Ensure Essential Contacts is Configured for Organization | GCP | Logging and Monitoring | LOW |
| AC_AZURE_0219 | Ensure that only Azure integrated certificate authorities are in use for issuing certificates used in Azure Key Vault Certificate | Azure | Compliance Validation | MEDIUM |
| AC_GCP_0272 | Ensure shielded nodes are enabled for all nodes in Google Container Cluster | GCP | Infrastructure Security | LOW |
| AC_AWS_0207 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
| AC_K8S_0059 | Ensure that the --client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AZURE_0412 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
| AC_GCP_0005 | Ensure That Service Account Has No Admin Privileges - google_project_iam_member | GCP | Identity and Access Management | HIGH |
| AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
| AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0063 | Ensure delete protection is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Resilience | MEDIUM |
| AC_AWS_0073 | Ensure KMS customer managed keys are used for encryption of AWS DocumentDB Clusters | AWS | Data Protection | MEDIUM |
| AC_AWS_0074 | Ensure log export is enabled for AWS DocumentDB clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0077 | Ensure read-write capacities are reserved for AWS DynamoDB tables | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0100 | Ensure control plane logging is enabled for all log types for AWS Elastic Kubernetes Service (EKS) clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0102 | Ensure redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
| AC_AWS_0103 | Ensure memcached elasticache engines are not in use in AWS PCI-DSS environments for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
| AC_AWS_0107 | Ensure dedicated master nodes are enabled for AWS ElasticSearch Domains | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0108 | Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains | AWS | Compliance Validation | HIGH |
| AC_AWS_0122 | Ensure connection draining is enabled for AWS ELB | AWS | Resilience | MEDIUM |
| AC_AWS_0169 | Ensure there are no URL references used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
| AC_AWS_0176 | Ensure active/standby deployment mode is used for AWS MQ Brokers | AWS | Resilience | MEDIUM |
| AC_AWS_0185 | Ensure external principals are allowed for AWS RAM resources | AWS | Data Protection | MEDIUM |
| AC_AWS_0189 | Ensure Aurora Serverless AutoPause is enabled for Amazon Relational Database Service (Amazon RDS) clusters | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0395 | Ensure logging is enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0443 | Ensure log exports has been enabled for AWS Neptune cluster | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0467 | Ensure CORS is configured to prevent sharing across all domains for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0546 | Ensure load balancer health checks are used for AWS Auto Scaling Groups | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0614 | Ensure AWS Lambda Functions have associated tags | AWS | Compliance Validation | LOW |
| AC_AZURE_0166 | Ensure that RSA keys have the specified minimum key size for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
| AC_AZURE_0182 | Ensure auto inflate is enabled for Azure Eventhub Namespace | Azure | Compliance Validation | LOW |
| AC_AZURE_0185 | Ensure locks are enabled for Azure Container Registry | Azure | Resilience | HIGH |
| AC_AZURE_0213 | Ensure that members are always added for AzureAD Groups | Azure | Compliance Validation | LOW |
| AC_AZURE_0215 | Ensure labels are configured to keep track of organization resources for Azure Kubernetes Cluster | Azure | Compliance Validation | LOW |
| AC_AZURE_0243 | Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service | Azure | Configuration and Vulnerability Analysis | HIGH |
| AC_AZURE_0250 | Ensure integration service environment are used for deployment of Azure Logic App Workflow | Azure | Security Best Practices | LOW |
