| AC_AWS_0449 | Ensure the default security group of every VPC restricts all traffic | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0563 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
| AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0036 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
| S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
| AC_AWS_0207 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
| AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
| S3_AWS_0008 | Ensure that Object-level logging for write events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| AC_AWS_0575 | Ensure that Object-level logging for read events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
| AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AWS_0590 | Ensure the default security group of every VPC restricts all traffic | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0574 | Ensure that Object-level logging for write events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
| AC_AWS_0033 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0369 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
| AC_AWS_0568 | Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) | AWS | Security Best Practices | HIGH |
| AC_AWS_0584 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0564 | Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | AWS | Security Best Practices | HIGH |
| AC_AWS_0567 | Ensure a log metric filter and alarm exist for security group changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0566 | Ensure a log metric filter and alarm exist for AWS Config configuration changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0632 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| AC_AWS_0582 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0588 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
| AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
| AC_AWS_0427 | Ensure hardware MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
| AC_AWS_0612 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
| AC_AWS_0601 | Ensure hardware MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
