| CIS_AZURE_0217 | Ensure Storage for Critical Data are Encrypted with Customer Managed Keys | Azure | Data Protection | MEDIUM |
| AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0069 | Ensure that Activity Log Alert exists for Create or Update Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0072 | Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0194 | Ensure that Register with Azure Active Directory is enabled on App Service | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0272 | Ensure CIFS / SMB (TCP:3020) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0276 | Ensure Cassandra OpsCenter (TCP:61621) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0287 | Ensure SSH (TCP:22) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0308 | Ensure public access is disabled for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
| AC_AZURE_0336 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0423 | Ensure VNC Server (TCP:5900) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0435 | Ensure SaltStack Master (TCP:4505) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0451 | Ensure Puppet Master (TCP:8140) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0456 | Ensure PostgreSQL (Udp:5432) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0458 | Ensure PostgreSQL (TCP:5432) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0463 | Ensure POP3 (TCP:110) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0464 | Ensure Oracle DB SSL (Udp:2484) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0467 | Ensure Oracle DB SSL (TCP:2484) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0475 | Ensure NetBIOS Session Service (TCP:139) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0485 | Ensure NetBIOS Name Service (TCP:137) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0499 | Ensure Memcached SSL (Udp:11215) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0501 | Ensure Memcached SSL (Udp:11214) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0503 | Ensure Memcached SSL (TCP:11215) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0504 | Ensure Memcached SSL (TCP:11215) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0509 | Ensure MSSQL Server (TCP:1433) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0512 | Ensure MSSQL Debugger (TCP:135) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0520 | Ensure MSSQL Admin (TCP:1434) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0522 | Ensure LDAP SSL (TCP:636) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0526 | Ensure web port (TCP:8080) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0532 | Ensure Hadoop Name Node (TCP:9000) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0535 | Ensure DNS (Udp:53) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0558 | Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
| AC_AZURE_0563 | Ensure Private Endpoints are used to access Storage Accounts | Azure | Data Protection | MEDIUM |
| AC_AZURE_0564 | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Azure | Data Protection | MEDIUM |
| AC_AZURE_0569 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_app | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0590 | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0019 | Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0039 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0045 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0095 | Ensure TLS 1.2 or greater is used for IoT Hub | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0105 | Ensure that the attribute 'vulnerable_tls_cipher_suite' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0106 | Ensure that the attribute 'acr_authentication' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0107 | Ensure that the attribute 'baseline' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0112 | Ensure Time To Live (TTL) of the DNS record is not more than 60 minutes for Azure Private DNS Cname Record | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0114 | Ensure HTTPS is enabled for Azure Linux Function App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0117 | Ensure managed identity is used in Azure Windows Function App | Azure | Identity and Access Management | LOW |
