| AC_AWS_0100 | Ensure control plane logging is enabled for all log types for AWS Elastic Kubernetes Service (EKS) clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0166 | Ensure at-rest data encryption is enabled for AWS ECS clusters | AWS | Data Protection | LOW |
| AC_AWS_0167 | Ensure at-rest data encryption is enabled for AWS EBS Root Block cluster | AWS | Data Protection | HIGH |
| AC_AWS_0169 | Ensure there are no URL references used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
| AC_AWS_0371 | Ensure user volumes are encrypted for the AWS Workspaces | AWS | Data Protection | MEDIUM |
| AC_AWS_0461 | Ensure AWS ECR Repository uses KMS for server-side encryption | AWS | Data Protection | MEDIUM |
| AC_AWS_0546 | Ensure load balancer health checks are used for AWS Auto Scaling Groups | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0580 | Ensure there is no policy with invalid action for Amazon Elastic Container Registry (ECR) Public repository policy | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0581 | Ensure Full Access (AmazonElasticContainerRegistryPublicFullAccess) is not applied to Amazon Elastic Container Registry (ECR) Public repository | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0110 | Ensure backup is enabled using Azure Backup for Azure Windows Virtual Machines | Azure | Security Best Practices | LOW |
| AC_AZURE_0149 | Ensure anti-malware protection is enabled with real time protection for Azure Linux Virtual Machine Scale Set | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0152 | Ensure disk encryption is enabled for Azure Linux Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
| AC_AZURE_0153 | Ensure overprovisioning is disabled for Azure Linux Virtual Machine Scale Set | Azure | Compliance Validation | LOW |
| AC_AZURE_0156 | Enable role-based access control (RBAC) within Azure Kubernetes Services | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0158 | Ensure network policy is configured for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0208 | Ensure that Active Azure Service Fabric clusters are automatically upgraded to latest version | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0209 | Ensure that Active Azure Service Fabric clusters are not using CVE-2022-30137 vulnerable cluster version(8.2.1124.1) | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0215 | Ensure labels are configured to keep track of organization resources for Azure Kubernetes Cluster | Azure | Compliance Validation | LOW |
| AC_AZURE_0289 | Ensure HTTP application routing has been disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0304 | Ensure extensions are not installed on Azure Windows Virtual Machine | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0349 | Ensure disk encryption is enabled for Azure Windows Virtual Machine Scale Set | Azure | Data Protection | MEDIUM |
| AC_AZURE_0355 | Ensure DDoS protection standard is enabled for Azure Virtual Network | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0364 | Ensure that the latest OS patches for Azure Virtual Machine | Azure | Compliance Validation | MEDIUM |
| AC_GCP_0026 | Ensure network policy is enabled on Google Container Cluster | GCP | Infrastructure Security | HIGH |
| AC_GCP_0029 | Ensure stackdriver monitoring is enabled on Google Container Cluster | GCP | Logging and Monitoring | HIGH |
| AC_GCP_0031 | Ensure private google access is enabled for Google Compute Subnetwork | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0272 | Ensure shielded nodes are enabled for all nodes in Google Container Cluster | GCP | Infrastructure Security | LOW |
| AC_K8S_0020 | Ensure kube-controller-manager (affected versions of kube-controller-manager: v1.18.0, v1.17.0 - v1.17.4, v1.16.0 - v1.16.8, and v1.15.11) are not vulnerable to CVE-2020-8555 | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0021 | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | Compliance Validation | MEDIUM |
| AC_K8S_0026 | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0032 | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
| AC_K8S_0044 | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0053 | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | Identity and Access Management | LOW |
| AC_K8S_0055 | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0071 | Ensure that the Tiller Service (Helm v2) is not deployed for Kubernetes workloads | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0074 | Ensure kernel and system level calls are not configured in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0078 | Ensure 'readOnlyRootFileSystem' is set to true in Kubernetes workload configuration | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0090 | Ensure that the --basic-auth-file argument is not set | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0125 | Ensure kernel level call configurations are not vulnerable to CVE-2022-0811 in all Kubernetes workloads | Kubernetes | Identity and Access Management | HIGH |
| AC_AZURE_0185 | Ensure locks are enabled for Azure Container Registry | Azure | Resilience | HIGH |
| AC_GCP_0018 | Ensure that Alpha clusters are not used for production workloads | GCP | Security Best Practices | LOW |
| AC_GCP_0025 | Ensure use of VPC-native clusters | GCP | Compliance Validation | HIGH |
| AC_GCP_0027 | Ensure Master Authorized Networks is Enabled | GCP | Infrastructure Security | HIGH |
| AC_GCP_0030 | Ensure Stackdriver Kubernetes Logging and Monitoring is Enabled | GCP | Logging and Monitoring | HIGH |
| AC_GCP_0033 | Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network | GCP | Logging and Monitoring | MEDIUM |
| AC_GCP_0271 | Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
| AC_K8S_0046 | Minimize the admission of privileged containers | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0093 | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AWS_0086 | Ensure container insights are enabled for Amazon Elastic Container Service (ECS) clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0089 | Ensure potential DATABASE information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
