| AC_AWS_0220 | Ensure 'allow list actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0222 | Ensure 'allow put or restore actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0365 | Ensure Amazon Simple Queue Service (SQS) is not exposed to public | AWS | Identity and Access Management | HIGH |
| AC_AWS_0403 | Ensure that an API key is required on a method request for AWS API Gateway Method | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0415 | Ensure there is no IAM policy with a condition element having ForAllValues Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0419 | Ensure no wildcards are used in resource ARN for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0472 | Ensure only uppercase letters, lowercase letters and numbers are used in Sid element in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0477 | Ensure there is no IAM policy with invalid global condition keys | AWS | Identity and Access Management | LOW |
| AC_AWS_0481 | Ensure there is no policy with invalid principal format for AWS S3 Bucket policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0487 | Ensure there is no IAM policy with multiple condition boolean values | AWS | Identity and Access Management | LOW |
| AC_AWS_0499 | Ensure that IAM policy does not exceed the identity policy quota for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0500 | Ensure condition value does not use wildcards (* and ?) without like operator | AWS | Identity and Access Management | LOW |
| AC_AWS_0507 | Ensure Adding Add a valid numeric value for the condition operator | AWS | Identity and Access Management | LOW |
| AC_AWS_0551 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Queue Service (SQS) Queue | AWS | Identity and Access Management | LOW |
| AC_AWS_0553 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0580 | Ensure there is no policy with invalid action for Amazon Elastic Container Registry (ECR) Public repository policy | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0581 | Ensure Full Access (AmazonElasticContainerRegistryPublicFullAccess) is not applied to Amazon Elastic Container Registry (ECR) Public repository | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0594 | Ensure no 'root' user account access key exists | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0176 | Ensure managed identity is used in Azure Function App | Azure | Identity and Access Management | LOW |
| AC_AZURE_0207 | Ensure cross account access is disabled for Azure Redis Cache | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0282 | Ensure Owner roles are not assigned to any principal using Azure Role Assignment | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0399 | Ensure that Identity block is defined and type is set to SystemAssigned for Azure PostgreSQL Server | Azure | Identity and Access Management | LOW |
| AC_AZURE_0538 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0540 | Ensure `force_password_change` is set to true for AzureAD User | Azure | Identity and Access Management | HIGH |
| AC_GCP_0255 | Ensure that IAM permissions are not granted directly to users for Google Cloud | GCP | Identity and Access Management | HIGH |
| AC_K8S_0026 | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0053 | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | Identity and Access Management | LOW |
| AC_K8S_0074 | Ensure kernel and system level calls are not configured in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0078 | Ensure 'readOnlyRootFileSystem' is set to true in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0090 | Ensure that the --basic-auth-file argument is not set | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0125 | Ensure kernel level call configurations are not vulnerable to CVE-2022-0811 in all Kubernetes workloads | Kubernetes | Identity and Access Management | HIGH |
| AC_AWS_0212 | Ensure there are no publicly writeable and readable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0628 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0567 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0582 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_windows_web_app | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0240 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
| AC_K8S_0008 | Ensure that a Client CA File is Configured | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0010 | Ensure that the --read-only-port is disabled | Kubernetes | Identity and Access Management | LOW |
| AC_K8S_0046 | Minimize the admission of privileged containers | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0104 | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | Identity and Access Management | HIGH |
| AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0099 | Ensure there are no public file systems for AWS Elastic File System (EFS) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0126 | Ensure permissions are tightly controlled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
| AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0147 | Ensure full administrative privileges are not created and are attached to a role using AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
