AC_GCP_0100 | Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_K8S_0021 | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | Compliance Validation | MEDIUM |
AC_K8S_0026 | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0044 | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0053 | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | Identity and Access Management | LOW |
AC_AZURE_0557 | Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
AC_AWS_0607 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_GCP_0236 | Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_access_control | GCP | Infrastructure Security | MEDIUM |
AC_K8S_0023 | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0036 | Ensure that the --service-account-lookup argument is set to true | Kubernetes | Identity and Access Management | MEDIUM |
AC_K8S_0052 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | LOW |
AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_AZURE_0559 | Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests | Azure | Data Protection | MEDIUM |
AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_K8S_0032 | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
S3_AWS_0005 | Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0246 | Ensure that 'Java version' is the latest, if used to run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_K8S_0033 | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
AC_K8S_0055 | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_GCP_0027 | Ensure Master Authorized Networks is Enabled | GCP | Infrastructure Security | HIGH |
AC_K8S_0004 | Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | Logging and Monitoring | LOW |
AC_K8S_0103 | Minimize access to create pods | Kubernetes | Identity and Access Management | HIGH |
AC_AWS_0134 | Ensure password policy requires at least one lowercase character for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
AC_AZURE_0216 | Ensure that a 'Diagnostics Setting' exists | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0324 | Ensure that Microsoft Defender for Container Registries is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0331 | Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected | Azure | Compliance Validation | MEDIUM |
AC_K8S_0030 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | MEDIUM |
AC_K8S_0042 | Ensure that the --encryption-provider-config argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_AZURE_0552 | Enable Role Based Access Control for Azure Key Vault | Azure | Data Protection | LOW |
AC_GCP_0271 | Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
AC_GCP_0366 | Ensure API Keys Are Restricted to Only APIs That Application Needs Access | GCP | Security Best Practices | MEDIUM |
AC_AWS_0428 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
AC_AZURE_0375 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Compliance Validation | LOW |
AC_K8S_0090 | Ensure that the --basic-auth-file argument is not set | Kubernetes | Identity and Access Management | MEDIUM |
AC_GCP_0025 | Ensure use of VPC-native clusters | GCP | Compliance Validation | HIGH |
AC_GCP_0030 | Ensure Stackdriver Kubernetes Logging and Monitoring is Enabled | GCP | Logging and Monitoring | HIGH |
AC_GCP_0337 | Ensure Cloud Asset Inventory Is Enabled | GCP | Logging and Monitoring | MEDIUM |
AC_AZURE_0376 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_K8S_0018 | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | Identity and Access Management | MEDIUM |
S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_GCP_0015 | Ensure Node Auto-Repair is enabled for GKE nodes | GCP | Security Best Practices | LOW |
AC_K8S_0086 | The default namespace should not be used | Kubernetes | Security Best Practices | LOW |
AC_AWS_0036 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_GCP_0358 | Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | GCP | Logging and Monitoring | LOW |
AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |