AC_AWS_0240 | Ensure Security Groups do not have unrestricted specific ports open - Hadoop Name Node (TCP,9000) | AWS | Infrastructure Security | HIGH |
AC_AWS_0241 | Ensure Security Groups do not have unrestricted specific ports open - Known internal web port (TCP,8000) | AWS | Infrastructure Security | HIGH |
AC_AWS_0244 | Ensure Security Groups do not have unrestricted specific ports open - MSSQL Admin (TCP,1434) | AWS | Infrastructure Security | HIGH |
AC_AWS_0245 | Ensure Security Groups do not have unrestricted specific ports open - MSSQL Browser Service (UDP,1434) | AWS | Infrastructure Security | HIGH |
AC_AWS_0246 | Ensure Security Groups do not have unrestricted specific ports open - MSSQL Debugger (TCP,135) | AWS | Infrastructure Security | HIGH |
AC_AWS_0249 | Ensure Security Groups do not have unrestricted specific ports open - Memcached SSL (TCP,11215) | AWS | Infrastructure Security | HIGH |
AC_AWS_0253 | Ensure Security Groups do not have unrestricted specific ports open - MySQL (TCP,3306) | AWS | Infrastructure Security | HIGH |
AC_AWS_0270 | Ensure Security Groups do not have unrestricted specific ports open - Oracle Database Server (TCP,1521) | AWS | Infrastructure Security | HIGH |
AC_AWS_0274 | Ensure Security Groups do not have unrestricted specific ports open - MongoDB (TCP,27017) | AWS | Infrastructure Security | HIGH |
AC_AWS_0283 | Ensure Known internal web port (TCP,8000) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0293 | Ensure Memcached SSL (UDP,11215) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0306 | Ensure Prevalent known internal port (TCP,3000) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0311 | Ensure Cassandra Client (TCP:9042) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0324 | Ensure Security Groups Unrestricted Specific Ports Elasticsearch (TCP,9200) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0332 | Ensure Security Groups Unrestricted Specific Ports MemcachedSSL (TCP,11214) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0336 | Ensure Security Groups Unrestricted Specific Ports MySQL (TCP,3306) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0342 | Ensure MongoWebPortal (TCP,27018) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0344 | Ensure NetBIOSNameService (UDP,137) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0353 | Ensure Prevalentknowninternalport (TCP,3000) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0356 | Ensure SQLServerAnalysisServicebrowser (TCP,2382) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0359 | Ensure Telnet (TCP,23) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0362 | Ensure MongoDB (TCP,27017) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0391 | Ensure 'public IP on launch' is not enabled for AWS Subnets | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0401 | Ensure encryption at rest is enabled for AWS Backup Vault | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0402 | Ensure wildcards(*) are not used in IAM policies for AWS Backup Vault Policy | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0440 | Ensure deletion protection is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0511 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0512 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0518 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0522 | Ensure Cassandra Thrift (TCP:9160) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0541 | Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0549 | Ensure geo-restriction is enabled for AWS CloudFront | AWS | Infrastructure Security | LOW |
AC_AWS_0607 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_AWS_0610 | Ensure no security groups allow ingress from ::/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_AZURE_0099 | Ensure that the attribute 'privileged_docker_options' in Defender for IoT is not set to false | Azure | Infrastructure Security | HIGH |
AC_AZURE_0104 | Ensure that the attribute 'edge_logging_option' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0140 | Ensure public access is disabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0141 | Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0144 | Ensure queries are not supported over the public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0161 | Ensure that kubernetes dashboard is disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0177 | Ensure latest TLS version is in use for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0178 | Ensure HTTPS is enabled for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0179 | Ensure CORS is tightly controlled and managed for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0226 | Ensure public access is disabled for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0244 | Ensure remote debugging is turned off for Azure App Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0262 | Ensure public network access is disabled for Azure Container Registry | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0270 | Ensure CIFS / SMB (TCP:3020) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0273 | Ensure Cassandra (TCP:7001) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0274 | Ensure Cassandra (TCP:7001) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |