AC_GCP_0006 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level - google_project_iam_member | GCP | Identity and Access Management | HIGH |
AC_GCP_0008 | Ensure that corporate login credentials are used | GCP | Identity and Access Management | LOW |
AC_AZURE_0406 | Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' | Azure | Infrastructure Security | HIGH |
AC_AZURE_0142 | Ensure CORS is tightly controlled and managed for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0389 | Ensure resource lock enabled for Azure Resource Group | Azure | Identity and Access Management | LOW |
AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0246 | Ensure that 'Java version' is the latest, if used to run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0214 | Ensure Azure Keyvaults are used to store secrets | Azure | Data Protection | LOW |
AC_AZURE_0356 | Ensure every subnet block is configured with a Network Security Group in Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0385 | Ensure that standard pricing tiers are selected in Azure Security Center Subscription Pricing | Azure | Security Best Practices | MEDIUM |
AC_GCP_0233 | Ensure logging is enabled for Google Cloud Storage Buckets | GCP | Logging and Monitoring | LOW |
AC_AWS_0386 | Ensure that inline policy does not expose secrets in AWS Secrets Manager | AWS | Security Best Practices | HIGH |
AC_AZURE_0414 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0101 | Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0254 | Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on' | GCP | Compliance Validation | LOW |
AC_AWS_0028 | Ensure IAM policies with wildcard (*) resource and NotAction are not attached or used | AWS | Identity and Access Management | HIGH |
AC_AWS_0146 | Ensure IAM policies that allow full administrative privileges are not created and attached inline to a role | AWS | Identity and Access Management | HIGH |
AC_AWS_0195 | Ensure policy with iam:Passrole/* action and NotResource attributes is not used | AWS | Identity and Access Management | HIGH |
AC_AWS_0213 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached with control tower | AWS | Identity and Access Management | LOW |
AC_AWS_0220 | Ensure 'allow list actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0222 | Ensure 'allow put or restore actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0415 | Ensure there is no IAM policy with a condition element having ForAllValues Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0419 | Ensure no wildcards are used in resource ARN for AWS IAM Policy | AWS | Identity and Access Management | LOW |
AC_AZURE_0118 | Ensure latest TLS version is in use for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0176 | Ensure managed identity is used in Azure Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0364 | Ensure that the latest OS patches for Azure Virtual Machine | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0411 | Ensure 'log_duration' is set for Azure PostgreSQL Configuration | Azure | Logging and Monitoring | MEDIUM |
AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0380 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0415 | Ensure that the retention policy is enabled for Azure Network Watcher Flow Log | Azure | Resilience | MEDIUM |
AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0149 | Ensure no user can assume the role without MFA is specified in the condition parameter of AWS IAM User Policy | AWS | Compliance Validation | LOW |
AC_AWS_0217 | Ensure 'allow all actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AZURE_0335 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |
AC_AWS_0226 | Ensure secrets should be auto-rotated after not more than 90 days | AWS | Compliance Validation | HIGH |
AC_AWS_0470 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy | AWS | Identity and Access Management | MEDIUM |
AC_AZURE_0416 | Ensure that traffic analytics is enabled via Azure Network Watcher Flow Log | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0418 | Ensure that Network Watcher is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
AC_GCP_0038 | Ensure default setting for OSLogin is not overridden by Google Compute Instance | GCP | Identity and Access Management | LOW |
AC_GCP_0224 | Ensure Remote Desktop (TCP:3389) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
AC_AZURE_0366 | Ensure that 'Public access level' is set to Private for blob containers | Azure | Identity and Access Management | HIGH |
AC_AWS_0196 | Ensure IAM Policy does not Allow with NotPrincipal | AWS | Identity and Access Management | HIGH |
AC_AWS_0219 | Ensure 'allow get actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0412 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with value not following standard CIDR | AWS | Identity and Access Management | LOW |
AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
AC_AZURE_0114 | Ensure HTTPS is enabled for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0117 | Ensure managed identity is used in Azure Windows Function App | Azure | Identity and Access Management | LOW |