| AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0411 | Ensure there is no IAM policy with empty SID value | AWS | Identity and Access Management | LOW |
| AC_AWS_0416 | Ensure there is no IAM policy with a condition element having ForAnyValue Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0421 | Ensure there is no IAM policy with empty array resource | AWS | Identity and Access Management | LOW |
| AC_AWS_0475 | Ensure redundant resources are not used for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
| AC_AWS_0026 | Ensure there is no IAM policy with invalid region used for resource ARN | AWS | Identity and Access Management | LOW |
| AC_AWS_0027 | Ensure there is no IAM policy with invalid partition used for resource ARN | AWS | Identity and Access Management | LOW |
| AC_AWS_0031 | Ensure only lower case letters are in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0398 | Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0420 | Ensure there is no policy with Empty array Condition | AWS | Identity and Access Management | LOW |
| AC_AWS_0478 | Ensure that IP range is specified in CIDR format for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0489 | Ensure Creation of SLR with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0495 | Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0014 | Ensure resource ARNs do not have region missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0030 | Ensure valid account number format is used in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0050 | Ensure `arn` prefix is in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0413 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
| AC_AWS_0471 | Ensure correct combination of JSON policy elements is used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0474 | Ensure global condition key is not used in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0493 | Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0496 | Ensure IAM Policies were not configured with versions in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0498 | Ensure there is no IAM policy with invalid condition operator | AWS | Identity and Access Management | LOW |
| AC_AWS_0501 | Ensure Adding a valid base64-encoded string value for the condition operator | AWS | Identity and Access Management | LOW |
| AC_AWS_0196 | Ensure IAM Policy does not Allow with NotPrincipal | AWS | Identity and Access Management | HIGH |
| AC_AWS_0412 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with value not following standard CIDR | AWS | Identity and Access Management | LOW |
| AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
| AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
| AC_AWS_0431 | Ensure cloud users don't have any direct permissions in AWS IAM Policy | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0473 | Ensure principal element is not empty in AWS IAM Trust Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0488 | Ensure there is no IAM policy with invalid policy element | AWS | Identity and Access Management | LOW |
| AC_AWS_0490 | Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked roles | AWS | Identity and Access Management | HIGH |
| AC_AWS_0497 | Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0550 | Ensure actions '*' and resource '*' are not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0145 | Ensure that full access to edit IAM Policies is restricted | AWS | Identity and Access Management | HIGH |
| AC_AWS_0028 | Ensure IAM policies with wildcard (*) resource and NotAction are not attached or used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0029 | Ensure correct key format is used for condition in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0144 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached | AWS | Identity and Access Management | HIGH |
| AC_AWS_0195 | Ensure policy with iam:Passrole/* action and NotResource attributes is not used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0213 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached with control tower | AWS | Identity and Access Management | LOW |
| AC_AWS_0415 | Ensure there is no IAM policy with a condition element having ForAllValues Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0419 | Ensure no wildcards are used in resource ARN for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0472 | Ensure only uppercase letters, lowercase letters and numbers are used in Sid element in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0477 | Ensure there is no IAM policy with invalid global condition keys | AWS | Identity and Access Management | LOW |
| AC_AWS_0487 | Ensure there is no IAM policy with multiple condition boolean values | AWS | Identity and Access Management | LOW |
| AC_AWS_0499 | Ensure that IAM policy does not exceed the identity policy quota for AWS IAM Policy | AWS | Identity and Access Management | LOW |
