AC_AZURE_0219 | Ensure that only Azure integrated certificate authorities are in use for issuing certificates used in Azure Key Vault Certificate | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0412 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0005 | Ensure That Service Account Has No Admin Privileges - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_AWS_0010 | Ensure that content encoding is enabled for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0015 | Ensure AWS WAF ACL is associated with AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
AC_AWS_0051 | Ensure event subscriptions are enabled for instance level events | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0059 | Ensure master username does not use commonly predicted usernames for Amazon Relational Database Service (Amazon RDS) instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0061 | Ensure active directory remains in use to authenticate users for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0069 | Ensure Multi-AZ is enabled for AWS Database Migration Service (DMS) instances | AWS | Compliance Validation | MEDIUM |
AC_AWS_0086 | Ensure container insights are enabled for Amazon Elastic Container Service (ECS) clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0089 | Ensure potential DATABASE information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0090 | Ensure SECRET information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0091 | Ensure potential TOKEN information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0092 | Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0113 | Ensure Amazon cognito authentication is enabled for AWS ElasticSearch Domain | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0127 | Ensure flow logs are enabled for AWS Global Accelerator | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0150 | Ensure a log metric filter and alarm exist for AWS NAT Gateways | AWS | Security Best Practices | HIGH |
AC_AWS_0174 | Ensure log exports is enabled for AWS MQ Brokers | AWS | Logging and Monitoring | LOW |
AC_AWS_0202 | Ensure AWS Redshift Cluster should not be using the default port (5439) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0440 | Ensure deletion protection is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0485 | Ensure there is no policy with an invalid principal format for Amazon Simple Queue Service (SQS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0545 | Ensure environment variables do not contain any credentials in AWS Codebuild Project | AWS | Data Protection | MEDIUM |
AC_AWS_0577 | Ensure tags are defined for AWS NAT Gateways | AWS | Security Best Practices | LOW |
AC_AZURE_0132 | Ensure 'email account admins' is enabled for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0257 | Ensure Azure Active Directory (AAD) is configured for Azure Synapse Workspace | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0295 | Ensure that logging for detailed error messages is enabled for Azure App Service | Azure | Logging and Monitoring | LOW |
AC_AZURE_0301 | Ensure that key vault is used to encrypt data for Azure Batch Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0346 | Ensure provider status is in provisioned state for Azure Express Route Circuit | Azure | Compliance Validation | LOW |
AC_K8S_0013 | Ensure an owner key with proper label is set for Kubernetes namespace | Kubernetes | Security Best Practices | LOW |
AC_K8S_0088 | Ensure mounting Docker socket daemon in a container is limited | Kubernetes | Infrastructure Security | MEDIUM |
AC_AZURE_0212 | Ensure the "Minimum TLS version" is set to "Version 1.2" | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0017 | Ensure Node Auto-Upgrade is enabled for GKE nodes | GCP | Security Best Practices | LOW |
AC_GCP_0297 | Ensure legacy Compute Engine instance metadata APIs are Disabled | GCP | Infrastructure Security | LOW |
AC_K8S_0031 | Ensure that the --audit-log-path argument is set | Kubernetes | Logging and Monitoring | MEDIUM |
AC_AZURE_0243 | Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0250 | Ensure integration service environment are used for deployment of Azure Logic App Workflow | Azure | Security Best Practices | LOW |
AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0277 | Ensure tags are associated with Azure CosmosDB Account | Azure | Compliance Validation | LOW |
AC_AZURE_0289 | Ensure HTTP application routing has been disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | HIGH |
AC_AZURE_0296 | Ensure that failed request tracing is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0540 | Ensure `force_password_change` is set to true for AzureAD User | Azure | Identity and Access Management | HIGH |
AC_GCP_0029 | Ensure stackdriver monitoring is enabled on Google Container Cluster | GCP | Logging and Monitoring | HIGH |
AC_K8S_0074 | Ensure kernel and system level calls are not configured in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0063 | Ensure delete protection is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Resilience | MEDIUM |
AC_AWS_0073 | Ensure KMS customer managed keys are used for encryption of AWS DocumentDB Clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0074 | Ensure log export is enabled for AWS DocumentDB clusters | AWS | Logging and Monitoring | MEDIUM |