AC_AWS_0091 | Ensure potential TOKEN information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0092 | Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS service | AWS | Data Protection | HIGH |
AC_AWS_0113 | Ensure Amazon Cognito authentication is enabled for AWS ElasticSearch Domain | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0127 | Ensure flow logs are enabled for AWS Global Accelerator | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0150 | Ensure a log metric filter and alarm exist for AWS NAT Gateways | AWS | Security Best Practices | HIGH |
AC_AWS_0174 | Ensure log exports are enabled for AWS MQ Brokers | AWS | Logging and Monitoring | LOW |
AC_AWS_0202 | Ensure AWS Redshift Cluster is not using the default port (5439) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0440 | Ensure deletion protection is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0485 | Ensure there is no policy with an invalid principal format for Amazon Simple Queue Service (SQS) Topic | AWS | Identity and Access Management | LOW |
AC_AWS_0545 | Ensure environment variables do not contain any credentials in AWS CodeBuild Project | AWS | Data Protection | MEDIUM |
AC_AWS_0577 | Ensure tags are defined for AWS NAT Gateways | AWS | Security Best Practices | LOW |
AC_AZURE_0132 | Ensure 'email account admins' is enabled for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0257 | Ensure Azure Active Directory (AAD) is configured for Azure Synapse Workspace | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0295 | Ensure that logging for detailed error messages is enabled for Azure App Service | Azure | Logging and Monitoring | LOW |
AC_AZURE_0346 | Ensure provider status is in provisioned state for Azure Express Route Circuit | Azure | Compliance Validation | LOW |
AC_K8S_0013 | Ensure an owner key with proper label is set for Kubernetes namespace | Kubernetes | Security Best Practices | LOW |
AC_K8S_0088 | Ensure mounting Docker socket daemon in a container is limited | Kubernetes | Infrastructure Security | MEDIUM |
AC_GCP_0272 | Ensure shielded nodes are enabled for all nodes in Google Container Cluster | GCP | Infrastructure Security | LOW |
AC_AZURE_0414 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0101 | Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0254 | Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_AWS_0502 | Ensure valid account number format is used in Amazon Simple Notification Service (SNS) Topic | AWS | Security Best Practices | LOW |
AC_AZURE_0179 | Ensure CORS is tightly controlled and managed for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0244 | Ensure remote debugging is turned off for Azure App Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0280 | Ensure accessibility is restricted up to 256 hosts in Azure SQL Firewall Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0390 | Ensure accessibility is restricted to 256 hosts for Azure Redis Cache | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0402 | Ensure audit log retention period is greater than 90 days for Azure PostgreSQL Server | Azure | Resilience | LOW |
AC_GCP_0020 | Ensure private cluster is enabled for Google Container Cluster | GCP | Infrastructure Security | HIGH |
AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0337 | Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0046 | Ensure 'Additional email addresses' is Configured with a Security Contact Email | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0063 | Ensure delete protection is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Resilience | MEDIUM |
AC_AWS_0074 | Ensure log export is enabled for AWS DocumentDB clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0077 | Ensure read-write capacities are reserved for AWS DynamoDB tables | AWS | Compliance Validation | MEDIUM |
AC_AWS_0100 | Ensure control plane logging is enabled for all log types for AWS Elastic Kubernetes Service (EKS) clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0102 | Ensure Redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
AC_AWS_0103 | Ensure Memcached ElastiCache engines are not in use in AWS PCI-DSS environments for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
AC_AWS_0107 | Ensure dedicated master nodes are enabled for AWS ElasticSearch Domains | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0108 | Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains | AWS | Compliance Validation | HIGH |
AC_AWS_0122 | Ensure connection draining is enabled for AWS ELB | AWS | Resilience | MEDIUM |
AC_AWS_0169 | Ensure there are no URL references used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0176 | Ensure active/standby deployment mode is used for AWS MQ Brokers | AWS | Resilience | MEDIUM |
AC_AWS_0185 | Ensure external principals are allowed for AWS RAM resources | AWS | Data Protection | MEDIUM |
AC_AWS_0189 | Ensure Aurora Serverless AutoPause is enabled for Amazon Relational Database Service (Amazon RDS) clusters | AWS | Compliance Validation | MEDIUM |
AC_AWS_0395 | Ensure logging is enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0443 | Ensure log exports have been enabled for AWS Neptune cluster | AWS | Logging and Monitoring | MEDIUM |