| AC_AZURE_0096 | Ensure IP addresses are masked in the logs for IoT Hub | Azure | Infrastructure Security | LOW |
| AC_AZURE_0100 | Ensure that the attribute 'ip_filter_deny_all' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0166 | Ensure that RSA keys have the specified minimum key size for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
| AC_AZURE_0167 | Ensure the key vault is recoverable - purge_protection_enabled | Azure | Data Protection | MEDIUM |
| AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
| AC_AZURE_0219 | Ensure that only Azure integrated certificate authorities are in use for issuing certificates used in Azure Key Vault Certificate | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
| AC_AWS_0001 | Ensure AWS ACM only has certificates with single domain names, and none with wildcard domain names | AWS | Compliance Validation | LOW |
| AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0048 | Ensure Elastic Block Store (EBS) volumes are encrypted through AWS Config | AWS | Data Protection | MEDIUM |
| AC_AWS_0185 | Ensure external principals are allowed for AWS RAM resources | AWS | Data Protection | MEDIUM |
| AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0012 | Ensure a key rotation mechanism within a 365 day period is implemented for Google KMS Crypto Key | GCP | Security Best Practices | LOW |
| AC_GCP_0313 | Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible | GCP | Data Protection | MEDIUM |
| AC_K8S_0006 | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0008 | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0010 | Ensure that the --read-only-port is secured | Kubernetes | Identity and Access Management | LOW |
| AC_K8S_0104 | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | Identity and Access Management | HIGH |
| AC_AZURE_0028 | Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | Azure | Data Protection | HIGH |
| AC_AZURE_0046 | Ensure 'Additional email addresses' is Configured with a Security Contact Email | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0048 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0097 | Ensure that the Microsoft Defender for IoT Hub is enabled | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0103 | Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0239 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0317 | Ensure that string variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0319 | Ensure that date-time variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0330 | Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected | Azure | Compliance Validation | MEDIUM |
| AC_GCP_0011 | Ensure KMS encryption keys are rotated within a period of 90 days | GCP | Security Best Practices | LOW |
| AC_AWS_0002 | Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0003 | Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0159 | Ensure customer master key (CMK) is not disabled for AWS Key Management Service (KMS) | AWS | Resilience | HIGH |
| AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
| AC_GCP_0245 | Ensure IAM roles do not impersonate or manage service accounts through Google Folder IAM Binding | GCP | Identity and Access Management | LOW |
| AC_K8S_0004 | Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | Logging and Monitoring | LOW |
| AC_K8S_0007 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0025 | Ensure default name space is not in use in Kubernetes Namespace | Kubernetes | Security Best Practices | LOW |
| AC_K8S_0103 | Minimize access to create pods | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0112 | Ensure the use of externalIPs is restricted for Kubernetes service | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0114 | Ensure the use of selector is enforced for Kubernetes Ingress or LoadBalancer service | Kubernetes | Infrastructure Security | LOW |
| AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AWS_0226 | Ensure secrets should be auto-rotated after not more than 90 days | AWS | Compliance Validation | HIGH |
| AC_AWS_0458 | Ensure principal is defined for every IAM policy attached to AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
| AC_AWS_0479 | Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
| AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
