| AC_AWS_0007 | Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0010 | Ensure that content encoding is enabled for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0015 | Ensure AWS WAF ACL is associated with AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
| AC_GCP_0366 | Ensure API Keys Are Restricted to Only APIs That Application Needs Access | GCP | Security Best Practices | MEDIUM |
| AC_AWS_0012 | Ensure CloudWatch Logs are enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0013 | Ensure SSL Client Certificate is enabled for AWS API Gateway Stage | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0504 | Ensure valid account number format is used in AWS API Gateway Rest API Policy | AWS | Security Best Practices | LOW |
| AC_GCP_0367 | Ensure API Keys Are Rotated Every 90 Days | GCP | Security Best Practices | MEDIUM |
| AC_AWS_0008 | Ensure stage caching is enabled for AWS API Gateway Method Settings | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0011 | Ensure that the endpoint type is set to private for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
| AC_AWS_0442 | Ensure access logging is enabled for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0009 | Ensure stage cache have encryption enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0395 | Ensure logging is enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0400 | Ensure active tracing is enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
| AC_AWS_0403 | Ensure that an API key is required on a method request for AWS API Gateway Method | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0467 | Ensure CORS is configured to prevent sharing across all domains for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |
