AC_AZURE_0504 | Ensure Memcached SSL (TCP:11215) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0509 | Ensure MSSQL Server (TCP:1433) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0512 | Ensure MSSQL Debugger (TCP:135) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0520 | Ensure MSSQL Admin (TCP:1434) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0522 | Ensure LDAP SSL (TCP:636) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0526 | Ensure web port (TCP:8080) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0532 | Ensure Hadoop Name Node (TCP:9000) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0535 | Ensure DNS (Udp:53) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_GCP_0223 | Ensure Remote Desktop (TCP:3389) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
AC_AWS_0171 | Ensure weak ciphers are removed for AWS Elastic Load Balancers (ELB) | AWS | Infrastructure Security | HIGH |
AC_K8S_0067 | Ensure Kubernetes dashboard is not deployed | Kubernetes | Data Protection | MEDIUM |
AC_GCP_0224 | Ensure Remote Desktop (TCP:3389) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_AWS_0510 | Ensure Cassandra Internode Communication (TCP:7000) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0513 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0516 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0519 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0520 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0521 | Ensure Cassandra Thrift (TCP:9160) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0525 | Ensure LDAP (TCP:389) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0535 | Ensure Memcached SSL (UDP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
AC_AWS_0539 | Ensure Oracle DB (UDP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
AC_AWS_0543 | Ensure Redis without SSL (TCP:6379) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0054 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Infrastructure Security | HIGH |
AC_K8S_0102 | Ensure impersonate access to Kubernetes resources is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0330 | Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected | Azure | Compliance Validation | MEDIUM |
AC_K8S_0061 | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
AC_GCP_0018 | Ensure that Alpha clusters are not used for production workloads | GCP | Security Best Practices | LOW |
AC_K8S_0014 | Ensure Kubernetes Network policy does not allow ingress from public IPs to query DNS | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0015 | Ensure Kubernetes Network policy does not allow ingress from public IPs to SSH | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0016 | Ensure Kubernetes Network policy does not allow ingress from public IPs to access sql servers | Kubernetes | Infrastructure Security | HIGH |
AC_K8S_0017 | Ensure Kubernetes Network policy does not allow ingress from public IPs to access Redis servers | Kubernetes | Infrastructure Security | HIGH |
AC_AZURE_0340 | Ensure that Activity Log alert exists for the Delete Network Security Group Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0098 | Ensure Customer Managed Keys (CMK) are used for encryption of AWS Elastic File System (EFS) | AWS | Data Protection | HIGH |
AC_AWS_0197 | Ensure KMS customer managed key (CMK) for encryption of AWS Redshift clusters | AWS | Security Best Practices | HIGH |
AC_AWS_0198 | Ensure encryption is enabled for AWS Redshift clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0206 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets | AWS | Data Protection | HIGH |
AC_AWS_0275 | Ensure no security groups is wide open to public, that is, allows traffic from 0.0.0.0/0 to ALL ports and protocols | AWS | Infrastructure Security | HIGH |
AC_K8S_0076 | Ensure mounting of hostPaths is disallowed in Kubernetes workload configuration | Kubernetes | Identity and Access Management | HIGH |
AC_GCP_0132 | Ensure 'log_duration' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_GCP_0256 | Ensure that the 'log_temp_files' database flag for Cloud SQL PostgreSQL instance is set to '0' (on) | GCP | Compliance Validation | LOW |
AC_GCP_0298 | Ensure 'log_executor_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0100 | Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_AZURE_0248 | Ensure That 'PHP version' is the Latest, If Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AWS_0607 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_GCP_0236 | Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_access_control | GCP | Infrastructure Security | MEDIUM |
AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_AZURE_0323 | Ensure that Microsoft Defender for Kubernetes is set to 'On' | Azure | Data Protection | MEDIUM |
AC_K8S_0029 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |