| AC_GCP_0280 | Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets | GCP | Data Protection | MEDIUM |
| AC_GCP_0304 | Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) | GCP | Data Protection | MEDIUM |
| AC_GCP_0305 | Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes | GCP | Logging and Monitoring | MEDIUM |
| AC_AZURE_0079 | Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) | Azure | Data Protection | MEDIUM |
| AC_AZURE_0242 | Ensure Diagnostic Setting captures appropriate categories | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0333 | Ensure that Activity Log Alert exists for Delete Network Security Group | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0397 | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Azure | Infrastructure Security | LOW |
| AC_AWS_0571 | Ensure a log metric filter and alarm exist for VPC changes | AWS | Security Best Practices | HIGH |
| S3_AWS_0008 | Ensure that Object-level logging for write events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0572 | Ensure Web App is using the latest version of TLS encryption - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0575 | Ensure Web App is using the latest version of TLS encryption - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_GCP_0307 | Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes | GCP | Logging and Monitoring | MEDIUM |
| AC_GCP_0311 | Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes | GCP | Logging and Monitoring | MEDIUM |
| AC_AWS_0565 | Ensure a log metric filter and alarm exist for S3 bucket policy changes | AWS | Security Best Practices | HIGH |
| S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0021 | Ensure Soft Delete is Enabled for Azure Containers and Blob Storage | Azure | Data Protection | MEDIUM |
| AC_AZURE_0061 | Ensure that SSH access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0062 | Ensure that RDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0191 | Ensure Web App is using the latest version of TLS encryption | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0232 | Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible | Azure | Infrastructure Security | HIGH |
| AC_GCP_0013 | Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on' | GCP | Compliance Validation | LOW |
| AC_AZURE_0570 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0591 | Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0590 | Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server | Azure | Resilience | MEDIUM |
| AC_AZURE_0116 | Ensure FTP deployments are Disabled - azurerm_windows_function_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0334 | Ensure FTP deployments are Disabled | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0372 | Ensure Default Network Access Rule for Storage Accounts is Set to Deny | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0571 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0577 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0584 | Ensure FTP deployments are Disabled - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0574 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0588 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
| AC_GCP_0011 | Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | GCP | Security Best Practices | LOW |
| AC_AWS_0564 | Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | AWS | Security Best Practices | HIGH |
| AC_AWS_0567 | Ensure a log metric filter and alarm exist for security group changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0566 | Ensure a log metric filter and alarm exist for AWS Config configuration changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0587 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
| AC_AWS_0591 | Ensure EBS Volume Encryption is Enabled in all Regions | AWS | Data Protection | HIGH |
| AC_AZURE_0025 | Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0060 | Ensure that UDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0562 | Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0567 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0568 | Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_linux_web_app | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0582 | Ensure App Service Authentication is set up for apps in Azure App Service - azurerm_windows_web_app | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0262 | Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured | GCP | Compliance Validation | LOW |
| AC_GCP_0263 | Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges | GCP | Compliance Validation | LOW |
| AC_GCP_0273 | Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0279 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes | GCP | Logging and Monitoring | MEDIUM |
| AC_GCP_0306 | Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes | GCP | Logging and Monitoring | MEDIUM |
