AC_AWS_0363 | Ensure Elasticsearch' (TCP,9300) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0392 | Ensure public IP address is not used AWS EC2 instances | AWS | Infrastructure Security | HIGH |
AC_AWS_0399 | Ensure public IP address is not assigned to Amazon Elastic Container Service (ECS) | AWS | Infrastructure Security | HIGH |
AC_AWS_0510 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0513 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0516 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0519 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0520 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0521 | Ensure Cassandra Thrift (TCP:9160) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0525 | Ensure LDAP (TCP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0535 | Ensure Memcached SSL (UDP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0539 | Ensure Oracle DB (UDP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0543 | Ensure Redis without SSL (TCP:6379) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0556 | Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0593 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0608 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0611 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0053 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Infrastructure Security | HIGH |
AC_AZURE_0092 | Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | HIGH |
AC_AZURE_0098 | Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0101 | Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to false | Azure | Infrastructure Security | HIGH |
AC_AZURE_0102 | Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0121 | Ensure HTTPS is enabled for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0125 | Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0134 | Ensure that minimum TLS version is set to 1.2 for Azure MSSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0142 | Ensure CORS is tightly controlled and managed for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0190 | Ensure auto renew of certificates is turned off for Azure App Service Certificate Order | Azure | Infrastructure Security | LOW |
AC_AZURE_0224 | Ensure latest TLS/SSL version is in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0253 | Ensure system-assigned managed identity authentication is used for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0261 | Ensure public network access is disabled for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0265 | Ensure Secrets are not exposed in customData used in Azure Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0342 | Ensure that RDP access is restricted from the internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0351 | Ensure Azure Web Application Firewall Policy is enabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0353 | Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0357 | Ensure that UDP Services are restricted from the Internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0374 | Ensure a firewall is attached to Azure SQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0381 | Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0391 | Ensure that firewall rules does not allow unrestricted access to Azure Redis Cache from other Azure sources | Azure | Infrastructure Security | HIGH |
AC_GCP_0023 | Ensure control plane is not public for Google Container Cluster | GCP | Infrastructure Security | HIGH |
AC_GCP_0034 | Ensure latest TLS version is used for Google Compute SSL Policy | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0035 | Ensure Compute instances are launched with Shielded VM enabled | GCP | Infrastructure Security | LOW |
AC_GCP_0041 | Ensure default service accounts having complete cloud access are not used by Google Compute Instance | GCP | Infrastructure Security | HIGH |
AC_GCP_0052 | Ensure SQL Server Analysis Service browser (TCP:2382) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_GCP_0059 | Ensure MSSQL Admin (TCP:1434) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0062 | Ensure VNC Server (TCP:5900) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0068 | Ensure Known internal web port (TCP:8080) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
AC_GCP_0069 | Ensure Known internal web port (TCP:8000) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_GCP_0077 | Ensure SaltStack Master (TCP:4505) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |