AC_AZURE_0294 | Ensure encryption is enabled for Azure Data Lake Store | Azure | Data Protection | MEDIUM |
AC_AZURE_0384 | Ensure that names like 'Admin' are not used for Azure SQL Server Active Directory Administrator | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0393 | Ensure regular security and operational updates are enabled for Azure Redis Cache | Azure | Security Best Practices | HIGH |
AC_AZURE_0403 | Ensure email addresses are setup for Azure PostgreSQL Server | Azure | Compliance Validation | LOW |
AC_AZURE_0407 | Ensure geo-redundant backups are enabled for Azure PostgreSQL Server | Azure | Resilience | MEDIUM |
AC_AZURE_0412 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0414 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0101 | Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0254 | Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_AZURE_0136 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0137 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0551 | Ensure geo-redundant backups are enabled for Azure MySQL Flexible Server | Azure | Data Protection | HIGH |
AC_AZURE_0580 | Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0588 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0013 | Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on' | GCP | Compliance Validation | LOW |
AC_GCP_0230 | Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | GCP | Identity and Access Management | HIGH |
AC_GCP_0252 | Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
AC_GCP_0258 | Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0370 | Ensure Instance IP assignment is set to private | GCP | Compliance Validation | LOW |
AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0062 | Ensure performance insights are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
AC_AWS_0075 | Ensure deletion protection is enabled for AWS DocumentDB Clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0104 | Ensure multi-az is configured for AWS ElastiCache Clusters | AWS | Resilience | MEDIUM |
AC_AWS_0187 | Ensure copy tags to snapshots feature is enabled for Amazon Relational Database Service (Amazon RDS) clusters | AWS | Compliance Validation | LOW |
AC_AWS_0188 | Ensure deletion protection is enabled for Amazon Relational Database Service (Amazon RDS) clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0190 | Ensure backtracking is enabled for Amazon Relational Database Service (Amazon RDS) cluster | AWS | Compliance Validation | MEDIUM |
AC_AWS_0191 | Ensure default ports are not used by Amazon Relational Database Service (Amazon RDS) instances | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0203 | Ensure Enhanced VPC routing should be enabled for AWS Redshift Clusters | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0375 | Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0376 | Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tables | AWS | Data Protection | HIGH |
AC_AWS_0379 | Ensure all data stored is encrypted in-transit for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0380 | Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0423 | Ensure SSL is enforced for parameter groups associated with AWS Redshift clusters | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0039 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0184 | Ensure to filter source IP's for Azure CosmosDB Account | Azure | Infrastructure Security | HIGH |
AC_AZURE_0235 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0316 | Ensure public network access disabled for Azure CosmosDB Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0347 | Ensure that automatic failover is enabled for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0401 | Ensure that Azure Active Directory Admin is configured | Azure | Identity and Access Management | HIGH |
AC_AZURE_0405 | Ensure admin auth is properly setup for Azure PostgreSQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0410 | Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
AC_GCP_0317 | Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_AZURE_0001 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0066 | Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0127 | Ensure that Azure Active Directory Admin is configured for Azure MySQL Single Server | Azure | Identity and Access Management | HIGH |
AC_AZURE_0130 | Ensure advanced threat protection is used for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0252 | Ensure public IP addresses are disabled in Azure Databricks Workspaces | Azure | Infrastructure Security | MEDIUM |