AC_AZURE_0110 | Ensure backup is enabled using Azure Backup for Azure Windows Virtual Machines | Azure | Security Best Practices | LOW |
AC_AZURE_0111 | Ensure that automatic upgrades are enabled for Azure Virtual Machine Extension | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0112 | Ensure Time To Live (TTL) of the DNS record is not more than 60 minutes for Azure Private DNS Cname Record | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0113 | Ensure backup is enabled using Azure Backup for Azure Linux Virtual Machines | Azure | Security Best Practices | LOW |
AC_AZURE_0114 | Ensure HTTPS is enabled for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0115 | Ensure that authentication feature is enabled for Azure Linux Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0116 | Ensure FTP deployments are Disabled - azurerm_windows_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0117 | Ensure managed identity is used in Azure Windows Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0118 | Ensure latest TLS version is in use for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0119 | Ensure CORS is tightly controlled and managed for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0120 | Ensure that authentication feature is enabled for Azure Windows Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0121 | Ensure HTTPS is enabled for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0122 | Ensure FTP deployments are Disabled - azurerm_linux_function_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0123 | Ensure managed identity is used in Azure Linux Function App | Azure | Identity and Access Management | LOW |
AC_AZURE_0124 | Ensure latest TLS version is in use for Azure Windows Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0125 | Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0126 | Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0127 | Ensure that Azure Active Directory Admin is configured for Azure MySQL Single Server | Azure | Identity and Access Management | HIGH |
AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0129 | Ensure 'email account admins' is enabled for Azure MySQL Database Threat Detection Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0130 | Ensure advanced threat protection is used for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0131 | Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0132 | Ensure 'email account admins' is enabled for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0133 | Ensure notification email address is configured for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0134 | Ensure that minimum TLS version is set to 1.2 for Azure MSSQL Server | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0135 | Ensure public access is disabled for Azure MSSQL Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0136 | Ensure that 'Auditing' Retention is 'greater than 90 days' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0137 | Ensure that 'Auditing' is set to 'On' | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0138 | Ensure geo-redundant backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
AC_AZURE_0139 | Ensure regular backups are enabled for Azure MariaDB Server | Azure | Resilience | MEDIUM |
AC_AZURE_0140 | Ensure public access is disabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0141 | Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0142 | Ensure CORS is tightly controlled and managed for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0143 | Ensure that 'Unattached disks' are encrypted in Azure Managed Disk | Azure | Data Protection | MEDIUM |
AC_AZURE_0144 | Ensure queries are not supported over the public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0145 | Ensure ingestion is not supported over public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0146 | Ensure log analytics workspace has daily quota value set for Azure Log Analytics Workspace | Azure | Compliance Validation | LOW |
AC_AZURE_0147 | Ensure Azure log retention is set at least 90 days for Azure Log Analytics Workspace | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0149 | Ensure anti-malware protection is enabled with real time protection for Azure Linux Virtual Machine Scale Set | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0150 | Ensure windows diagnostic is enabled for Azure Windows Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0151 | Ensure LinuxDiagnostic is enabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0152 | Ensure disk encryption is enabled for Azure Linux Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
AC_AZURE_0153 | Ensure overprovisioning is disabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | LOW |
AC_AZURE_0154 | Ensure that TLS is enforced for Azure Load Balancer | Azure | Resilience | LOW |
AC_AZURE_0155 | Ensure encryption is configured for Azure Kubernetes Cluster using a customer managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0157 | Ensure that pod security policy is enabled for Azure Kubernetes Cluster | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0158 | Ensure network policy is configured for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0159 | Ensure Azure Active Directory (Azure AD) has been enabled in Azure Kubernetes Cluster | Azure | Compliance Validation | MEDIUM |