AC_AZURE_0040 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0053 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Infrastructure Security | HIGH |
AC_AZURE_0092 | Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS) | Azure | Infrastructure Security | HIGH |
AC_AZURE_0098 | Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0101 | Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to false | Azure | Infrastructure Security | HIGH |
AC_AZURE_0102 | Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0109 | Ensure public IP addresses are not assigned to Azure Linux Virtual Machines | Azure | Security Best Practices | HIGH |
AC_AZURE_0115 | Ensure that authentication feature is enabled for Azure Linux Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0121 | Ensure HTTPS is enabled for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0125 | Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0133 | Ensure notification email address is configured for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0134 | Ensure that minimum TLS version is set to 1.2 for Azure MSSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0139 | Ensure regular backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
AC_AZURE_0142 | Ensure CORS is tightly controlled and managed for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0159 | Ensure Azure Active Directory (Azure AD) has been enabled in Azure Kubernetes Cluster | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0165 | Ensure that only allowed key types are in use for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
AC_AZURE_0171 | Ensure zone resiliency is turned on for all Azure Image | Azure | Resilience | LOW |
AC_AZURE_0172 | Ensure Hyper-V generation uses v2 for Azure Image | Azure | Data Protection | LOW |
AC_AZURE_0181 | Ensure Azure services are zone redundant for Azure Eventhub Namespace | Azure | Resilience | MEDIUM |
AC_AZURE_0183 | Ensure consistency level is NOT set to 'Eventual' for Azure CosmosDB Account | Azure | Security Best Practices | LOW |
AC_AZURE_0190 | Ensure auto renew of certificates is turned off for Azure App Service Certificate Order | Azure | Infrastructure Security | LOW |
AC_AZURE_0192 | Ensure auditing and monitoring is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0206 | Ensure cross account access is disabled for Azure SQL Firewall Rule | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0224 | Ensure latest TLS/SSL version is in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0253 | Ensure system-assigned managed identity authentication is used for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0261 | Ensure public network access is disabled for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0264 | Ensure log profile is configured to capture all activities for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0265 | Ensure Secrets are not exposed in customData used in Azure Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0290 | Ensure that Azure policies add-on are used for Azure Kubernetes Cluster | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0291 | Ensure that logging to Azure Monitoring is configured for Azure Kubernetes Cluster | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0342 | Ensure that RDP access is restricted from the internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0350 | Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
AC_AZURE_0351 | Ensure Azure Web Application Firewall Policy is enabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0353 | Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0354 | Ensure that VPN Encryption is enabled for Azure Virtual WAN | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0357 | Ensure that UDP Services are restricted from the Internet | Azure | Infrastructure Security | HIGH |
AC_AZURE_0360 | Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale Set | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0362 | Ensure boot diagnostics are enabled for Azure Virtual Machine | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0374 | Ensure a firewall is attached to Azure SQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0381 | Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0383 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0389 | Ensure resource lock enabled for Azure Resource Group | Azure | Identity and Access Management | LOW |
AC_AZURE_0391 | Ensure that firewall rules do not allow unrestricted access to Azure Redis Cache from other Azure sources | Azure | Infrastructure Security | HIGH |
AC_AZURE_0413 | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0416 | Ensure that traffic analytics is enabled via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0418 | Ensure that Network Watcher is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_AZURE_0550 | Ensure disk encryption is enabled for Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |