| AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0193 | Ensure Auto Minor Version Upgrade feature is Enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0610 | Ensure no security groups allow ingress from ::/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| S3_AWS_0017 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0592 | Ensure that encryption is enabled for EFS file systems | AWS | Data Protection | HIGH |
| AC_AWS_0596 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
| AC_AWS_0593 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0603 | Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) Instance | AWS | Compliance Validation | MEDIUM |
| S3_AWS_0016 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| AC_AWS_0633 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0606 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
| AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
| AC_AWS_0571 | Ensure a log metric filter and alarm exist for VPC changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0557 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0558 | Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | AWS | Security Best Practices | HIGH |
| S3_AWS_0007 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0587 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
| AC_AWS_0591 | Ensure EBS Volume Encryption is Enabled in all Regions | AWS | Data Protection | HIGH |
| AC_AWS_0562 | Ensure a log metric filter and alarm exist for CloudTrail configuration changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0598 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0565 | Ensure a log metric filter and alarm exist for S3 bucket policy changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0586 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
| AC_AWS_0556 | Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0561 | Ensure a log metric filter and alarm exist for IAM policy changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0569 | Ensure a log metric filter and alarm exist for changes to network gateways | AWS | Security Best Practices | HIGH |
| AC_AWS_0572 | Ensure a log metric filter and alarm exists for AWS Organizations changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0599 | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0600 | Ensure there is only one active access key available for any single IAM user | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0605 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0608 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0597 | Ensure MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
| AC_AWS_0432 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0626 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0140 | Ensure IAM password policy prevents password reuse | AWS | Compliance Validation | LOW |
| AC_AWS_0144 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached | AWS | Identity and Access Management | HIGH |
| AC_AWS_0594 | Ensure no 'root' user account access key exists | AWS | Identity and Access Management | HIGH |
| AC_AWS_0627 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0142 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0583 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0634 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
| AC_AWS_0151 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
| AC_AWS_0585 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
