| AC_AZURE_0345 | Ensure data exfiltration protection is enabled for Azure Synapse Workspace | Azure | Data Protection | MEDIUM |
| AC_AZURE_0346 | Ensure provider status is in provisioned state for Azure Express Route Circuit | Azure | Compliance Validation | LOW |
| AC_AZURE_0358 | Ensure use of NSG with Azure Virtual Machine Scale Set | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0361 | Ensure overprovisioning is disabled for Azure Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
| AC_AZURE_0376 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0377 | Ensure usage of names like 'Admin' are avoided for Azure SQL Server | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0378 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0386 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0388 | Ensure guest users are disabled for Azure Role Assignment | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0390 | Ensure accessibility is restricted to 256 hosts for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0400 | Ensure TLS connection is enabled for Azure PostgreSQL Server | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0402 | Ensure audit log retention period is greater than 90 days for Azure PostgreSQL Server | Azure | Resilience | LOW |
| AC_AZURE_0409 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0417 | Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0420 | Ensure only whitelisted IPs can use Azure Search Service | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0003 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0085 | Ensure that logging for Azure Key Vault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
| AC_AZURE_0088 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
| AC_AZURE_0268 | Ensure geo-redundant backups are enabled for Azure MySQL Single Server | Azure | Data Protection | HIGH |
| AC_AZURE_0270 | Ensure CIFS / SMB (TCP:3020) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0273 | Ensure Cassandra (TCP:7001) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0274 | Ensure Cassandra (TCP:7001) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0275 | Ensure Cassandra (TCP:7001) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0292 | Ensure that public access is disabled in Azure Key Vault | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0332 | Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0338 | Ensure that Activity Log Alert exists for Delete Security Solution | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0343 | Ensure that Activity Log Alert exists for Create or Update Network Security Group | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0373 | Ensure that 'Secure transfer required' is set to 'Enabled' | Azure | Data Protection | HIGH |
| AC_AZURE_0396 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0424 | Ensure VNC Server (TCP:5900) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0428 | Ensure Telnet (TCP:23) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0431 | Ensure SaltStack Master (TCP:4506) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0436 | Ensure SaltStack Master (TCP:4505) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0438 | Ensure SQL Server Analysis (TCP:2383) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0443 | Ensure SNMP (Udp:161) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0453 | Ensure web port (TCP:3000) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0461 | Ensure POP3 (TCP:110) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0462 | Ensure POP3 (TCP:110) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0468 | Ensure Oracle DB SSL (TCP:2484) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0474 | Ensure NetBIOS Session Service (TCP:139) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0476 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0477 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0478 | Ensure NetBIOS Datagram Service (Udp:138) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0482 | Ensure NetBIOS Name Service (Udp:137) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0488 | Ensure MySQL (TCP:3306) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0493 | Ensure Mongo Web Portal (TCP:27018) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0497 | Ensure Memcached SSL (Udp:11215) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0510 | Ensure MSSQL Server (TCP:1433) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
