AC_AZURE_0079 | Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) | Azure | Data Protection | MEDIUM |
AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0167 | Ensure the Key Vault is Recoverable | Azure | Data Protection | MEDIUM |
AC_AZURE_0557 | Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
AC_GCP_0313 | Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | GCP | Data Protection | MEDIUM |
AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
AC_AWS_0057 | Ensure CA certificate used is not older than 1 year for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0095 | Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0098 | Ensure Customer Managed Keys (CMK) are used for encryption of AWS Elastic File System (EFS) | AWS | Data Protection | HIGH |
AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0130 | Ensure 'Job Bookmark Encryption' is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
AC_AWS_0168 | Ensure there are no hard coded keys used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0178 | Ensure customer owned KMS key is used for encrypting AWS MQ Brokers | AWS | Data Protection | HIGH |
AC_AWS_0198 | Ensure encryption is enabled for AWS Redshift clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0206 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets | AWS | Data Protection | HIGH |
AC_AWS_0436 | Ensure automatic backups are enabled for AWS Elasticache Cluster | AWS | Data Protection | MEDIUM |
AC_AWS_0451 | Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log Group | AWS | Data Protection | HIGH |
AC_AWS_0457 | Ensure environment variables are protected using AWS KMS keys for AWS Lambda Functions | AWS | Data Protection | HIGH |
AC_AWS_0460 | Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery Stream | AWS | Data Protection | HIGH |
AC_AWS_0578 | Ensure AWS NAT Gateways are used instead of default routes for AWS Route Table | AWS | Data Protection | HIGH |
AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
AC_AZURE_0172 | Ensure Hyper-V generation uses v2 for Azure Image | Azure | Data Protection | LOW |
AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0550 | Ensure disk encryption is enabled for Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
AC_GCP_0289 | Ensure cloud instance snapshots are encrypted through Google Compute Snapshot | GCP | Data Protection | MEDIUM |
AC_K8S_0037 | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0038 | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
AC_K8S_0041 | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
CIS_AZURE_0217 | Ensure Storage for Critical Data are Encrypted with Customer Managed Keys | Azure | Data Protection | MEDIUM |
S3_AWS_0002 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
AC_AZURE_0558 | Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
AC_AZURE_0563 | Ensure Private Endpoints are used to access Storage Accounts | Azure | Data Protection | MEDIUM |
AC_AZURE_0564 | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Azure | Data Protection | MEDIUM |
AC_AWS_0056 | Ensure automatic minor version upgrade is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0068 | Ensure public access is disabled for AWS Database Migration Service (DMS) instances | AWS | Data Protection | HIGH |
AC_AWS_0093 | Ensure potential AWS_ACCESS_KEY_ID information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0094 | Ensure potential CLIENT_ID information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0111 | Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
AC_AWS_0155 | Ensure at-rest server side encryption (SSE) is enabled for data stored in AWS Kinesis Server | AWS | Data Protection | HIGH |
AC_AWS_0157 | Ensure KMS customer managed keys are used for encryption in AWS Kinesis Streams | AWS | Data Protection | HIGH |
AC_AWS_0207 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |