AC_AZURE_0361 | Ensure overprovisioning is disabled for Azure Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_AZURE_0362 | Ensure boot diagnostics are enabled for Azure Virtual Machine | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0363 | Ensure ssh keys are used to auth Azure Virtual Machine | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0364 | Ensure that the latest OS patches for Azure Virtual Machine | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0365 | Ensure age in days after create to delete snapshot is more than 90 in Azure Storage Management Policy | Azure | Resilience | MEDIUM |
AC_AZURE_0366 | Ensure that 'Public access level' is set to Private for blob containers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0367 | Ensure Soft Delete is Enabled for Azure Storage | Azure | Data Protection | MEDIUM |
AC_AZURE_0368 | Ensure CORS rules are set according to organization's policy for Azure Storage Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0369 | Ensure that VM agent is installed on Azure Virtual Machine | Azure | Compliance Validation | LOW |
AC_AZURE_0370 | Ensure that 'Public access level' is disabled for storage accounts with blob containers | Azure | Infrastructure Security | HIGH |
AC_AZURE_0371 | Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
AC_AZURE_0372 | Ensure Default Network Access Rule for Storage Accounts is Set to Deny | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0373 | Ensure that 'Secure transfer required' is set to 'Enabled' | Azure | Data Protection | HIGH |
AC_AZURE_0374 | Ensure a firewall is attached to Azure SQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0375 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Compliance Validation | LOW |
AC_AZURE_0376 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0377 | Ensure usage of names like 'Admin' are avoided for Azure SQL Server | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0378 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_AZURE_0379 | Ensure data encryption is enabled for Azure Synapse SQL Pool | Azure | Data Protection | MEDIUM |
AC_AZURE_0380 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0381 | Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0382 | Ensure SQL Server audit with selected event types is enabled and has retention period of minimum 365 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0383 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0384 | Ensure that names like 'Admin' are not used for Azure SQL Server Active Directory Administrator | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0385 | Ensure that standard pricing tiers are selected in Azure Security Center Subscription Pricing | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0386 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0387 | Ensure That No Custom Subscription Owner Roles Are Created | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0388 | Ensure guest users are disabled for Azure Role Assignment | Azure | Identity and Access Management | HIGH |
AC_AZURE_0389 | Ensure resource lock enabled for Azure Resource Group | Azure | Identity and Access Management | LOW |
AC_AZURE_0390 | Ensure accessibility is restricted to 256 hosts for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0391 | Ensure that firewall rules does not allow unrestricted access to Azure Redis Cache from other Azure sources | Azure | Infrastructure Security | HIGH |
AC_AZURE_0392 | Ensure firewall rules reject internet access for Azure Redis Cache | Azure | Infrastructure Security | HIGH |
AC_AZURE_0393 | Ensure regular security and operational updates are enabled for Azure Redis Cache | Azure | Security Best Practices | HIGH |
AC_AZURE_0394 | Ensure only SSL connections are enabled for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0395 | Ensure missing service endpoints are disabled for Azure PostgreSQL Virtual Network Rule | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0396 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0397 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Azure | Infrastructure Security | LOW |
AC_AZURE_0398 | Ensure infrastructure encryption for Azure PostgreSQL Server is enabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0399 | Ensure that Identity block is defined and type is set to SystemAssigned for Azure PostgreSQL Server | Azure | Identity and Access Management | LOW |
AC_AZURE_0400 | Ensure TLS connection is enabled for Azure PostgreSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0401 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_AZURE_0402 | Ensure audit log retention period is greater than 90 days for Azure PostgreSQL Server | Azure | Resilience | LOW |
AC_AZURE_0403 | Ensure email addresses are setup for Azure PostgreSQL Server | Azure | Compliance Validation | LOW |
AC_AZURE_0404 | Ensure public access is disabled for Azure PostgreSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0405 | Ensure admin auth is properly setup for Azure PostgreSQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0406 | Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' | Azure | Infrastructure Security | HIGH |
AC_AZURE_0407 | Ensure geo-redundant backups are enabled for Azure PostgreSQL Server | Azure | Resilience | MEDIUM |
AC_AZURE_0408 | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0409 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0410 | Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |