AC_AZURE_0289 | Ensure HTTP application routing has been disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | HIGH |
AC_AZURE_0296 | Ensure that failed request tracing is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0304 | Ensure extensions are not installed on Azure Windows Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0307 | Ensure public access is disabled for Azure Search Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0313 | Ensure that virtual networks are in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0335 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0349 | Ensure disk encryption is enabled for Azure Windows Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
AC_AZURE_0355 | Ensure DDoS protection standard is enabled for Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0364 | Ensure that the latest OS patches for Azure Virtual Machine | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0365 | Ensure age in days after create to delete snapshot is more than 90 in Azure Storage Management Policy | Azure | Resilience | MEDIUM |
AC_AZURE_0368 | Ensure CORS rules are set according to organization's policy for Azure Storage Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0375 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Compliance Validation | LOW |
AC_AZURE_0379 | Ensure data encryption is enabled for Azure Synapse SQL Pool | Azure | Data Protection | MEDIUM |
AC_AZURE_0382 | Ensure SQL Server audit with selected event types is enabled and has retention period of minimum 365 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0392 | Ensure firewall rules reject internet access for Azure Redis Cache | Azure | Infrastructure Security | HIGH |
AC_AZURE_0394 | Ensure only SSL connections are enabled for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0398 | Ensure infrastructure encryption for Azure PostgreSQL Server is enabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0399 | Ensure that Identity block is defined and type is set to SystemAssigned for Azure PostgreSQL Server | Azure | Identity and Access Management | LOW |
AC_AZURE_0404 | Ensure public access is disabled for Azure PostgreSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0406 | Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' | Azure | Infrastructure Security | HIGH |
AC_AZURE_0411 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0419 | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Azure | Resilience | MEDIUM |
AC_AZURE_0538 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0540 | Ensure `force_password_change` is set to true for AzureAD User | Azure | Identity and Access Management | HIGH |
AC_AZURE_0002 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
AC_AZURE_0025 | Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
AC_AZURE_0060 | Ensure that UDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
AC_AZURE_0079 | Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) | Azure | Data Protection | MEDIUM |
AC_AZURE_0086 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0122 | Ensure FTP deployments are Disabled - azurerm_linux_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0131 | Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0167 | Ensure the Key Vault is Recoverable | Azure | Data Protection | MEDIUM |
AC_AZURE_0185 | Ensure locks are enabled for Azure Container Registry | Azure | Resilience | HIGH |
AC_AZURE_0242 | Ensure Diagnostic Setting captures appropriate categories | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0333 | Ensure that Activity Log Alert exists for Delete Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0397 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Azure | Infrastructure Security | LOW |
AC_AZURE_0408 | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0425 | Ensure VNC Listener (TCP:5500) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0430 | Ensure Telnet (TCP:23) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0433 | Ensure SaltStack Master (TCP:4506) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0445 | Ensure SNMP (Udp:161) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0447 | Ensure SMTP (TCP:25) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0449 | Ensure Puppet Master (TCP:8140) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0450 | Ensure Puppet Master (TCP:8140) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0452 | Ensure web port (TCP:3000) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0459 | Ensure PostgreSQL (TCP:5432) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0466 | Ensure Oracle DB SSL (Udp:2484) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0471 | Ensure NetBIOS Session Service (Udp:139) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |