AC_AWS_0208 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS ECR Repository | AWS | Data Protection | MEDIUM |
AC_AWS_0372 | Ensure root volumes are encrypted for the AWS Workspaces | AWS | Data Protection | MEDIUM |
AC_AWS_0381 | Ensure public access is disabled for AWS Neptune cluster instances | AWS | Data Protection | MEDIUM |
AC_AWS_0468 | Ensure encryption is enabled for AWS Athena Database | AWS | Data Protection | HIGH |
AC_AWS_0547 | Ensure there is an encrypted connection between AWS CloudFront server and Origin server | AWS | Data Protection | HIGH |
AC_AWS_0592 | Ensure that encryption is enabled for EFS file systems | AWS | Data Protection | HIGH |
AC_AZURE_0143 | Ensure that 'Unattached disks' are encrypted in Azure Managed Disk | Azure | Data Protection | MEDIUM |
AC_AZURE_0233 | Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) | Azure | Data Protection | MEDIUM |
AC_AZURE_0241 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_AZURE_0294 | Ensure encryption is enabled for Azure Data Lake Store | Azure | Data Protection | MEDIUM |
AC_AZURE_0299 | Ensure that Azure Data Explorer uses disk encryption in Azure Kusto Cluster | Azure | Data Protection | MEDIUM |
AC_AZURE_0317 | Ensure that string variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0319 | Ensure that date-time variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0367 | Ensure Soft Delete is Enabled for Azure Storage | Azure | Data Protection | MEDIUM |
AC_AZURE_0548 | Ensure disk encryption is enabled for Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_K8S_0043 | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | Data Protection | MEDIUM |
AC_AWS_0429 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets | AWS | Data Protection | HIGH |
AC_AZURE_0021 | Ensure Soft Delete is Enabled for Azure Containers and Blob Storage | Azure | Data Protection | MEDIUM |
AC_AZURE_0028 | Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | Azure | Data Protection | HIGH |
AC_AZURE_0036 | Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key | Azure | Data Protection | MEDIUM |
AC_AZURE_0197 | Ensure custom script extensions are not used in Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0200 | Ensure custom script extensions are not used in Azure Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0348 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0551 | Ensure geo-redundant backups are enabled for Azure MySQL Flexible Server | Azure | Data Protection | HIGH |
AC_AZURE_0561 | Ensure Virtual Machines are utilizing Managed Disks | Azure | Data Protection | MEDIUM |
AC_GCP_0229 | Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | GCP | Data Protection | MEDIUM |
AC_AWS_0052 | Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
AC_AWS_0053 | Ensure IAM authentication is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | MEDIUM |
AC_AWS_0071 | Ensure encryption at rest is enabled for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0078 | Ensure customer managed keys (CMK) are used for server side encryption (SSE) of AWS DyanamoDB tables | AWS | Data Protection | MEDIUM |
AC_AWS_0079 | Ensure default encryption is enabled for AWS EBS Volumes | AWS | Data Protection | HIGH |
AC_AWS_0089 | Ensure potential DATABASE information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0090 | Ensure SECRET information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0091 | Ensure potential TOKEN information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0092 | Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0180 | Ensure inter-cluster encryption is enabled for AWS MSK cluster | AWS | Data Protection | HIGH |
AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
AC_AWS_0378 | Ensure all data stored is encrypted at-rest for AWS Elasticache Replication Group | AWS | Data Protection | HIGH |
AC_AWS_0384 | Ensure data encryption is enabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
AC_AWS_0388 | Ensure field-level encryption is enabled for AWS CloudFront distribution | AWS | Data Protection | MEDIUM |
AC_AWS_0424 | Ensure direct access from the internet is disabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
AC_AWS_0446 | Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild Project | AWS | Data Protection | MEDIUM |
AC_AWS_0545 | Ensure environment variables do not contain any credentials in AWS Codebuild Project | AWS | Data Protection | MEDIUM |
AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
AC_AZURE_0202 | Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS Token | Azure | Data Protection | LOW |
AC_AZURE_0240 | Ensure SQL server's TDE protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0301 | Ensure that key vault is used to encrypt data for Azure Batch Account | Azure | Data Protection | MEDIUM |