S3_AWS_0001 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
S3_AWS_0005 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
AC_AWS_0212 | Ensure there are no publicly writeable and readable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AZURE_0025 | Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
AC_AZURE_0079 | Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) | Azure | Data Protection | MEDIUM |
AC_AZURE_0557 | Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
AC_GCP_0240 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
AC_GCP_0358 | Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | GCP | Logging and Monitoring | LOW |
AC_AWS_0079 | Ensure default encryption is enabled for AWS EBS Volumes | AWS | Data Protection | HIGH |
AC_AWS_0125 | Ensure public access is disabled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0221 | Ensure 'allow put actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0393 | Ensure automated backup using EFS Backup policy is enabled for AWS Elastic File System (EFS) | AWS | Resilience | MEDIUM |
AC_AWS_0401 | Ensure encryption at rest is enabled for AWS Backup Vault | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0402 | Ensure wildcards (*) are not used in IAM policies for AWS Backup Vault Policy | AWS | Infrastructure Security | MEDIUM |
AC_AWS_0574 | Ensure that Object-level logging for write events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
AC_AWS_0607 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_AZURE_0202 | Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS Token | Azure | Data Protection | LOW |
AC_GCP_0236 | Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_access_control | GCP | Infrastructure Security | MEDIUM |
S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
S3_AWS_0017 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0211 | Ensure AWS S3 Buckets are not listable for Authenticated users group | AWS | Identity and Access Management | HIGH |
AC_AWS_0214 | Ensure versioning is enabled for AWS S3 Buckets | AWS | Resilience | HIGH |
AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
AC_AZURE_0373 | Ensure that 'Secure transfer required' is set to 'Enabled' | Azure | Data Protection | HIGH |
AC_AZURE_0559 | Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests | Azure | Data Protection | MEDIUM |
AC_GCP_0234 | Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled | GCP | Identity and Access Management | LOW |
AC_GCP_0239 | Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_member | GCP | Identity and Access Management | HIGH |
AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
AC_AWS_0099 | Ensure there are no public file systems for AWS Elastic File System (EFS) | AWS | Identity and Access Management | HIGH |
AC_AWS_0126 | Ensure permissions are tightly controlled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
AC_AWS_0207 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
AC_AWS_0216 | Ensure AWS S3 Bucket object ownership is more restrictive | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0218 | Ensure 'allow delete actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
AC_AWS_0368 | Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway File Shares | AWS | Security Best Practices | HIGH |
AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
AC_AWS_0506 | Ensure valid account number format is used in AWS EFS File System Policy | AWS | Security Best Practices | LOW |
AC_AWS_0592 | Ensure that encryption is enabled for EFS file systems | AWS | Data Protection | HIGH |
AC_AZURE_0143 | Ensure that 'Unattached disks' are encrypted in Azure Managed Disk | Azure | Data Protection | MEDIUM |
AC_AZURE_0233 | Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) | Azure | Data Protection | MEDIUM |
AC_AZURE_0305 | Ensure public access is disabled for Azure Storage Sync | Azure | Infrastructure Security | HIGH |
AC_AZURE_0367 | Ensure Soft Delete is Enabled for Azure Storage | Azure | Data Protection | MEDIUM |
AC_AZURE_0371 | Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
AC_GCP_0241 | Ensure object versioning is enabled on Google Cloud Storage Buckets | GCP | Logging and Monitoring | LOW |
AC_GCP_0266 | Ensure a retention policy is enabled for Google Cloud Storage Buckets | GCP | Security Best Practices | MEDIUM |
AC_GCP_0267 | Ensure a retention period of at least 90 days is set for Google Cloud Storage Buckets | GCP | Security Best Practices | LOW |
AC_GCP_0303 | Ensure that retention policies on log buckets are configured using Bucket Lock | GCP | Logging and Monitoring | LOW |
S3_AWS_0004 | Ensure versioning is enabled for AWS S3 Buckets - Terraform Version 1.x | AWS | Resilience | HIGH |