| AC_AWS_0163 | Ensure tracing is enabled for AWS Lambda Functions | AWS | Logging and Monitoring | LOW |
| AC_AWS_0455 | Ensure monitoring is enabled for AWS Launch Configuration | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0459 | Ensure detailed monitoring is enabled for AWS EC2 instances | AWS | Compliance Validation | LOW |
| AC_AWS_0008 | Ensure stage caching is enabled for AWS API Gateway Method Settings | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0020 | Ensure failover criteria is set for AWS Cloudfront Distribution | AWS | Resilience | MEDIUM |
| AC_AWS_0064 | Ensure CloudWatch logging is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0093 | Ensure potential AWS_ACCESS_KEY_ID information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0094 | Ensure potential CLIENT_ID information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0110 | Ensure ElasticSearch Zone Awareness is enabled | AWS | Resilience | MEDIUM |
| AC_AWS_0116 | Ensure advanced security options are enabled for AWS ElasticSearch Domain | AWS | Infrastructure Security | HIGH |
| AC_AWS_0192 | Ensure database instances with an AWS Aurora cluster should have same accessibility | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0194 | Ensure latest generation of instance classes is used by Amazon Relational Database Service (Amazon RDS) instances | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0373 | Ensure running mode is set to AutoStop for AWS Workspaces | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0382 | Ensure that cluster nodes are of given types for AWS Redshift Cluster | AWS | Compliance Validation | LOW |
| AC_AWS_0397 | Ensure multiple ENI are not attached to a single AWS Instance | AWS | Security Best Practices | LOW |
| AC_AWS_0442 | Ensure access logging is enabled for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0491 | Ensure CloudTrail created sns policy have a condition key with either aws:SourceArn or aws:SourceAccount condition key used in Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
| AC_AWS_0613 | Ensure AWS Lambda function is configured with a Dead Letter Queue | AWS | Logging and Monitoring | LOW |
| AC_AZURE_0198 | Ensure compression is enabled for Azure CDN Endpoint | Azure | Resilience | MEDIUM |
| AC_AZURE_0223 | Ensure that auto-scaling is enabled for Azure Kubernetes Cluster | Azure | Resilience | MEDIUM |
| AC_AZURE_0230 | Ensure Developer/Premium SKUs are in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0255 | Ensure virtual network configuration is added for Azure Kusto Cluster | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0256 | Ensure private DNS zones are not linked to Azure Virtual Network | Azure | Compliance Validation | LOW |
| AC_AZURE_0539 | Ensure 'always_on' feature is enabled for Azure App Service | Azure | Resilience | MEDIUM |
| AC_GCP_0019 | Ensure labels are configured for Google Container Cluster | GCP | Compliance Validation | LOW |
| AC_GCP_0241 | Ensure object versioning is enabled on Google Cloud Storage Buckets | GCP | Logging and Monitoring | LOW |
| AC_K8S_0048 | Ensure default routes are set for Istio services | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0069 | Ensure that every container image has a hash digest in all Kubernetes workloads | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0070 | Ensure liveness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0072 | Ensure readiness probe is configured for containers in all Kubernetes workloads | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0077 | Ensure 'procMount' is set to default in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0081 | Ensure only allowed volume types are mounted for all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0114 | Ensure the use of selector is enforced for Kubernetes Ingress or LoadBalancer service | Kubernetes | Infrastructure Security | LOW |
| AC_AWS_0035 | Ensure Amazon Simple Notification Service (SNS) topic is defined for notifying log file delivery for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0452 | Ensure log retention policy is set for AWS CloudWatch Log Group | AWS | Security Best Practices | MEDIUM |
| AC_AZURE_0147 | Ensure Azure log retention is set at least 90 days for Azure Log Analytics Workspace | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0283 | Ensure that Activity Log Retention is set 365 days or greater for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
| AC_GCP_0266 | Ensure a retention policy is enabled for Google Cloud Storage Buckets | GCP | Security Best Practices | MEDIUM |
| AC_GCP_0267 | Ensure a retention period of at least 90 days is set for Google Cloud Storage Buckets | GCP | Security Best Practices | LOW |
| AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0126 | Ensure permissions are tightly controlled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
| AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
| AC_AWS_0216 | Ensure AWS S3 Bucket object ownership is more restrictive | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0377 | Ensure permissions are tightly controlled for AWS EFS File System | AWS | Identity and Access Management | HIGH |
| AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
