| AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0135 | Ensure IAM password policy requires at least one uppercase letter | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0140 | Ensure IAM password policy prevents password reuse | AWS | Compliance Validation | LOW |
| AC_AWS_0144 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached | AWS | Identity and Access Management | HIGH |
| AC_AWS_0146 | Ensure IAM policies that allow full administrative privileges are not created and attached inline to a role | AWS | Identity and Access Management | HIGH |
| AC_AWS_0149 | Ensure no user can assume the role without MFA is specified in the condition parameter of AWS IAM User Policy | AWS | Compliance Validation | LOW |
| AC_AWS_0195 | Ensure policy with iam:Passrole/* action and NotResource attributes is not used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0213 | Ensure IAM policies that allow full "*:*" administrative privileges are not attached with control tower | AWS | Identity and Access Management | LOW |
| AC_AWS_0408 | Ensure Effect is set to 'Deny' if NotAction is used in AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0409 | Ensure Effect is set to 'Deny' if Condition is used in AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0415 | Ensure there is no IAM policy with a condition element having ForAllValues Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0419 | Ensure no wildcards are used in resource ARN for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0472 | Ensure only uppercase letters, lowercase letters and numbers are used in Sid element in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0477 | Ensure there is no IAM policy with invalid global condition keys | AWS | Identity and Access Management | LOW |
| AC_AWS_0487 | Ensure there is no IAM policy with multiple condition boolean values | AWS | Identity and Access Management | LOW |
| AC_AWS_0499 | Ensure that IAM policy does not exceed the identity policy quota for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0500 | Ensure condition value does not use wildcards (* and ?) without like operator | AWS | Identity and Access Management | LOW |
| AC_AWS_0507 | Ensure Adding Add a valid numeric value for the condition operator | AWS | Identity and Access Management | LOW |
| AC_AWS_0553 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0594 | Ensure no 'root' user account access key exists | AWS | Identity and Access Management | HIGH |
| AC_AWS_0601 | Ensure hardware MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
| AC_AZURE_0213 | Ensure that members are always added for AzureAD Groups | Azure | Compliance Validation | LOW |
| AC_AZURE_0282 | Ensure Owner roles are not assigned to any principal using Azure Role Assignment | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0540 | Ensure `force_password_change` is set to true for AzureAD User | Azure | Identity and Access Management | HIGH |
| AC_GCP_0255 | Ensure that IAM permissions are not granted directly to users for Google Cloud | GCP | Identity and Access Management | HIGH |
| AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0136 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0142 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0147 | Ensure full administrative privileges are not created and are attached to a role using AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0148 | Ensure that every AWS account has a minimum password length policy for AWS IAM User Login Profile | AWS | Compliance Validation | HIGH |
| AC_AWS_0151 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
| AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0411 | Ensure there is no IAM policy with empty SID value | AWS | Identity and Access Management | LOW |
| AC_AWS_0416 | Ensure there is no IAM policy with a condition element having ForAnyValue Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0421 | Ensure there is no IAM policy with empty array resource | AWS | Identity and Access Management | LOW |
| AC_AWS_0427 | Ensure hardware MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
| AC_AWS_0475 | Ensure redundant resources are not used for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0554 | Ensure there is only one active access key available for any single IAM user | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0597 | Ensure MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
| AC_GCP_0006 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level - google_project_iam_member | GCP | Identity and Access Management | HIGH |
| AC_GCP_0008 | Ensure that corporate login credentials are used | GCP | Identity and Access Management | LOW |
| AC_GCP_0004 | Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account | GCP | Identity and Access Management | LOW |
| AC_GCP_0005 | Ensure That Service Account Has No Admin Privileges - google_project_iam_member | GCP | Identity and Access Management | HIGH |
| AC_GCP_0268 | Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer | GCP | Identity and Access Management | LOW |
| AC_GCP_0330 | Ensure Essential Contacts is Configured for Organization | GCP | Logging and Monitoring | LOW |
