| AC_K8S_0121 | Ensure default-deny patterns are defined for Istio Authorization Policy | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0119 | Ensure protocols are explicitly declared where possible for Istio Services | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0122 | Ensure DENY-with-negative-matching exist for Istio Authorization Object | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0048 | Ensure default routes are set for Istio services | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0123 | Ensure TLS verification is enabled in Istio Destination Rules | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0120 | Ensure large virtual services are split into multiple resources for Istio Virtual Services | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0124 | Ensure envoy proxies are not configured in permissive mode in Istio Peer Authentication | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0049 | Ensure ALLOW-with-positive-matching exist for Istio Authorization Object | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0118 | Ensure overly broad host configuration is not allowed for Istio Gateway | Kubernetes | Infrastructure Security | HIGH |
