AC_AZURE_0508 | Ensure Memcached SSL (TCP:11214) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0511 | Ensure MSSQL Server (TCP:1433) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0523 | Ensure LDAP SSL (TCP:636) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0524 | Ensure web port (TCP:8080) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0528 | Ensure web port (TCP:8000) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0537 | Ensure Cassandra OpsCenter (TCP:61621) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0571 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0572 | Ensure Web App is using the latest version of TLS encryption - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0575 | Ensure Web App is using the latest version of TLS encryption - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0577 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0584 | Ensure FTP deployments are Disabled - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_GCP_0003 | Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses | GCP | Infrastructure Security | HIGH |
AC_GCP_0134 | Ensure That RDP Access Is Restricted From the Internet | GCP | Infrastructure Security | HIGH |
AC_GCP_0231 | Enable VPC Flow Logs and Intranode Visibility | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0260 | Ensure That SSH Access Is Restricted From the Internet | GCP | Infrastructure Security | HIGH |
AC_GCP_0371 | Ensure That the Default Network Does Not Exist in a Project - google_compute_network | GCP | Infrastructure Security | LOW |
AC_K8S_0003 | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | Infrastructure Security | LOW |
AC_K8S_0083 | Minimize the admission of containers wishing to share the host IPC namespace | Kubernetes | Infrastructure Security | MEDIUM |
AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0006 | Ensure Amazon Machine Image (AMI) is not shared among multiple accounts | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0097 | Ensure VPC is enabled for AWS Redshift Cluster | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0164 | Ensure VPC access is enabled for AWS Lambda Functions | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0199 | Ensure public access is disabled for AWS Redshift Clusters | AWS | Infrastructure Security | HIGH |
AC_AWS_0234 | Ensure Security Groups do not have unrestricted specific ports open - Elasticsearch (TCP,9200) | AWS | Infrastructure Security | HIGH |
AC_AWS_0239 | Ensure Security Groups do not have unrestricted specific ports open - Cassandra (TCP,7001) | AWS | Infrastructure Security | HIGH |
AC_AWS_0243 | Ensure Security Groups do not have unrestricted specific ports open - LDAP SSL (TCP,636) | AWS | Infrastructure Security | HIGH |
AC_AWS_0247 | Ensure Security Groups do not have unrestricted specific ports open - MSSQL Server (TCP,1433) | AWS | Infrastructure Security | HIGH |
AC_AWS_0252 | Ensure Security Groups do not have unrestricted specific ports open - Mongo Web Portal (TCP,27018) | AWS | Infrastructure Security | HIGH |
AC_AWS_0254 | Ensure Security Groups do not have unrestricted specific ports open - NetBIOS Name Service (TCP,137) | AWS | Infrastructure Security | HIGH |
AC_AWS_0262 | Ensure Security Groups do not have unrestricted specific ports open - Postgres SQL (TCP,5432) | AWS | Infrastructure Security | HIGH |
AC_AWS_0269 | Ensure Security Groups do not have unrestricted specific ports open - SaltStack Master (TCP,4505) | AWS | Infrastructure Security | HIGH |
AC_AWS_0272 | Ensure Security Groups do not have unrestricted specific ports open - SMTP (TCP,25) | AWS | Infrastructure Security | HIGH |
AC_AWS_0275 | Ensure no security groups is wide open to public, that is, allows traffic from 0.0.0.0/0 to ALL ports and protocols | AWS | Infrastructure Security | HIGH |
AC_AWS_0276 | Ensure Unknown Port is not exposed to the entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0280 | Ensure Cassandra OpsCenter agent port (TCP,61621) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0284 | Ensure Known internal web port (TCP,8080) is not accessible by a CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0289 | Ensure MSSQL Server (TCP,1433) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0294 | Ensure Mongo Web Portal (TCP,27018) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0298 | Ensure NetBios Datagram Service (TCP,138) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0303 | Ensure Oracle DB SSL (UDP,2484) is not accessible by a public CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0305 | Ensure Postgres SQL (UDP,5432) is not accessible by a CIDR block range | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0326 | Ensure Security Groups Unrestricted Specific Ports CassandraOpsCenteragent (TCP,61621) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0329 | Ensure Security Groups Unrestricted Specific Ports MSSQLBrowserService (UDP,1434) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0330 | Ensure Security Groups Unrestricted Specific Ports MSSQLDebugger (TCP,135) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0340 | Ensure Knowninternalwebport' (TCP,8000) not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0347 | Ensure NetBIOSSessionService' (TCP,139) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0349 | Ensure OracleDBSSL' (TCP,2484) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0350 | Ensure OracleDBSSL' (UDP,2484) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0351 | Ensure PostgresSQL' (TCP,5432) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0358 | Ensure OracleDatabaseServer' (TCP,521) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |