AC_AZURE_0516 | Ensure MSSQL Browser (Udp:1434) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0518 | Ensure MSSQL Admin (TCP:1434) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0531 | Ensure Hadoop Name Node (TCP:9000) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0544 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0552 | Enable Role Based Access Control for Azure Key Vault | Azure | Data Protection | LOW |
AC_AZURE_0553 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0555 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0559 | Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests | Azure | Data Protection | MEDIUM |
AC_AZURE_0565 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0566 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0570 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0581 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_linux_web_app | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0585 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
AC_AZURE_0591 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0096 | Ensure IP addresses are masked in the logs for IoT Hub | Azure | Infrastructure Security | LOW |
AC_AZURE_0100 | Ensure that the attribute 'ip_filter_deny_all' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0110 | Ensure backup is enabled using Azure Backup for Azure Windows Virtual Machines | Azure | Security Best Practices | LOW |
AC_AZURE_0118 | Ensure latest TLS version is in use for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0119 | Ensure CORS is tightly controlled and managed for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0120 | Ensure that authentication feature is enabled for Azure Windows Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0129 | Ensure 'email account admins' is enabled for Azure MySQL Database Threat Detection Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0149 | Ensure anti-malware protection is enabled with real time protection for Azure Linux Virtual Machine Scale Set | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0152 | Ensure disk encryption is enabled for Azure Linux Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
AC_AZURE_0153 | Ensure overprovisioning is disabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | LOW |
AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0158 | Ensure network policy is configured for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0166 | Ensure that RSA keys have the specified minimum key size for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_AZURE_0176 | Ensure managed identity is used in Azure Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0182 | Ensure auto inflate is enabled for Azure Eventhub Namespace | Azure | Compliance Validation | LOW |
AC_AZURE_0189 | Ensure Web Application Firewall(WAF) is enabled for Azure Application Gateway | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0204 | Ensure Synapse Workspace is not accessible to public via Azure Synapse Firewall Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0207 | Ensure cross account access is disabled for Azure Redis Cache | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0208 | Ensure that Active Azure Service Fabric clusters are automatically upgraded to latest version | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0209 | Ensure that Active Azure Service Fabric clusters are not using CVE-2022-30137 vulnerable cluster version(8.2.1124.1) | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0211 | Ensure data backup is enabled using `backup_blob_container_uri` for Azure Analysis Services Servers | Azure | Resilience | MEDIUM |
AC_AZURE_0213 | Ensure that members are always added for AzureAD Groups | Azure | Compliance Validation | LOW |
AC_AZURE_0215 | Ensure labels are configured to keep track of organization resources for Azure Kubernetes Cluster | Azure | Compliance Validation | LOW |
AC_AZURE_0219 | Ensure that only Azure integrated certificate authorities are in use for issuing certificates used in Azure Key Vault Certificate | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0243 | Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0250 | Ensure integration service environment are used for deployment of Azure Logic App Workflow | Azure | Security Best Practices | LOW |
AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0254 | Ensure public network access is disabled for Azure Cognitive Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0258 | Ensure default connection policy is not in use for Azure SQL Server | Azure | Compliance Validation | LOW |
AC_AZURE_0260 | Ensure backup retention period is enabled for Azure PostgreSQL Server | Azure | Compliance Validation | HIGH |
AC_AZURE_0266 | Ensure managed virtual networks are in use for Azure Synapse Workspace | Azure | Infrastructure Security | LOW |
AC_AZURE_0277 | Ensure tags are associated with Azure CosmosDB Account | Azure | Compliance Validation | LOW |
AC_AZURE_0282 | Ensure Owner roles are not assigned to any principal using Azure Role Assignment | Azure | Identity and Access Management | HIGH |
AC_AZURE_0284 | Ensure that 'Unattached disks' are encrypted with CMK | Azure | Data Protection | MEDIUM |