| CHECK_REQUIRED_VERSION | 266. Disable insecure functionalities |
| EC2_DEFAULT_SEC_GROUP | 266. Disable insecure functionalities |
| EC2_NOT_TERMINATION_PROTEC | 186. Use the principle of least privilege
265. Restrict access to critical processes |
| EC2_TERMINATE_SHUTDOWN_BEHAVIOR | 266. Disable insecure functionalities |
| TFM_ADMIN_MANAGED_POLICIES | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_ADMIN_POLICY | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_ALLOWS_PRIV_ESCALATION_BY_ATTACH_POLICY | 035. Manage privilege modifications |
| TFM_ALLOWS_PRIV_ESCALATION_BY_POLICIES_VERSIONS | 035. Manage privilege modifications |
| TFM_ANYONE_ADMIN_PORTS | 255. Allow access only to the necessary ports |
| TFM_API_ALL_HTTP_METHODS_ENABLED | 266. Disable insecure functionalities |
| TFM_API_GATEWAY_LOGGING_DISABLED | 075. Record exceptional events in logs
079. Record exact occurrence time of events
376. Register severity level |
| TFM_AWS_ACL_BROAD_NETWORK_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AWS_EBS_VOLUMES_UNENCRYPTED | 185. Encrypt sensitive information
300. Mask sensitive data |
| TFM_AWS_EC2_ALL_TRAFFIC | 255. Allow access only to the necessary ports |
| TFM_AWS_EC2_CFN_UNRESTR_IP_PROT | 255. Allow access only to the necessary ports |
| TFM_AWS_EC2_UNRESTRICTED_CIDRS | 255. Allow access only to the necessary ports |
| TFM_AWS_EFS_UNENCRYPTED | 185. Encrypt sensitive information
300. Mask sensitive data |
| TFM_AWS_ELB_LISTENER_ON_HTTP | 181. Transmit data using secure protocols |
| TFM_AWS_ELB_WITHOUT_SSLPOLICY | 148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions |
| TFM_AWS_INSEC_PROTO | 148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions |
| TFM_AWS_SEC_GROUP_USING_TCP | 181. Transmit data using secure protocols |
| TFM_AZURE_APP_LOG_DISABLED | 075. Record exceptional events in logs
376. Register severity level
377. Store logs based on valid regulation
378. Use of log management system |
| TFM_AZURE_CLIENT_CERT_ENABLED | 227. Display access notification
228. Authenticate using standard protocols
229. Request access credentials
231. Implement a biometric verification component
235. Define credential interface
264. Request authentication
323. Exclude unverifiable files |
| TFM_AZURE_INSEC_PROTO | 148. Set minimum size of asymmetric encryption
149. Set minimum size of symmetric encryption
150. Set minimum size for hash functions
181. Transmit data using secure protocols
336. Disable insecure TLS versions |
| TFM_AZURE_KEY_VAULT_NOT_RECOVER | 186. Use the principle of least privilege
265. Restrict access to critical processes |
| TFM_AZURE_KV_DANGER_BYPASS | 255. Allow access only to the necessary ports |
| TFM_AZURE_KV_DEFAULT_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AZURE_KV_ONLY_ACCESS_HTTPS | 181. Transmit data using secure protocols |
| TFM_AZURE_KV_SECRET_NO_EXPIRATION | 130. Limit password lifespan
138. Define lifespan for temporary passwords
140. Define OTP lifespan |
| TFM_AZURE_LNX_VM_INSEC_AUTH | 030. Avoid object reutilization
228. Authenticate using standard protocols
319. Make authentication options equally secure |
| TFM_AZURE_SA_DEFAULT_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AZURE_SA_INSEC_TRANSFER | 181. Transmit data using secure protocols |
| TFM_AZURE_SQL_LOG_RETENT | 075. Record exceptional events in logs
376. Register severity level
377. Store logs based on valid regulation
378. Use of log management system |
| TFM_AZURE_STORAGE_LOG_DISABLED | 075. Record exceptional events in logs
376. Register severity level
377. Store logs based on valid regulation
378. Use of log management system |
| TFM_AZURE_UNRESTRICTED_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AZURE_VM_INSEC_AUTH | 030. Avoid object reutilization
228. Authenticate using standard protocols
319. Make authentication options equally secure |
| TFM_BUCKET_ALLOWS_PUBLIC | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_BUCKET_POLICY_SEC_TRANSPORT | 181. Transmit data using secure protocols |
| TFM_CF_DISTR_LOG_DISABLED | 075. Record exceptional events in logs
376. Register severity level
377. Store logs based on valid regulation
378. Use of log management system |
| TFM_COGNITO_HAS_MFA_DISABLED | 229. Request access credentials
231. Implement a biometric verification component
264. Request authentication
319. Make authentication options equally secure
328. Request MFA for critical systems |
| TFM_CONTENT_HTTP | 181. Transmit data using secure protocols |
| TFM_CTRAIL_LOG_NOT_VALIDATED | 080. Prevent log modification |
| TFM_DB_NO_POINT_TIME_RECOVERY | 186. Use the principle of least privilege
265. Restrict access to critical processes |
| TFM_DYNAMO_NOT_DEL_PROTEC | 186. Use the principle of least privilege
265. Restrict access to critical processes |
| TFM_EBS_UNENCRYPTED_DEFAULT | 266. Disable insecure functionalities |
| TFM_EBS_UNENCRYPTED_VOLUMES | 266. Disable insecure functionalities |
| TFM_EC2_ASSOC_PUB_IP | 266. Disable insecure functionalities |
| TFM_EC2_NO_IAM | 266. Disable insecure functionalities |
| TFM_EC2_OPEN_ALL_PORTS_PUBLIC | 255. Allow access only to the necessary ports |
| TFM_EC2_SEC_GROUPS_RFC1918 | 255. Allow access only to the necessary ports |
| TFM_EC2_UNENCRYPTED_BLOCK_DEVICES | 266. Disable insecure functionalities |
| TFM_EC2_UNRESTRICTED_DNS | 255. Allow access only to the necessary ports |
| TFM_EC2_UNRESTRICTED_FTP | 255. Allow access only to the necessary ports |
| TFM_EC2_UNRESTRICTED_PORTS | 255. Allow access only to the necessary ports |
| TFM_EKS_HAS_ENDPOINTS_PUBLICLY_ACCESSIBLE | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_ELASTICACHE_TRANSIT_ENCRYPTION_DISABLED | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_ELASTICACHE_USES_DEFAULT_PORT | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_ELB2_INSECURE_SEC_POLICY | 266. Disable insecure functionalities |
| TFM_ELB2_INSEC_PROTO | 181. Transmit data using secure protocols |
| TFM_ELB2_NOT_DELETION_PROTEC | 186. Use the principle of least privilege
265. Restrict access to critical processes |
| TFM_ELB_LOGGING_DISABLED | 075. Record exceptional events in logs
376. Register severity level
377. Store logs based on valid regulation
378. Use of log management system |
| TFM_HTTP_METHODS_ENABLED | 266. Disable insecure functionalities |
| TFM_IAM_EXCESSIVE_ROLE_POLICY | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_IAM_FULL_ACCESS_SSM | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_IAM_MISSING_SECURITY | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_IAM_PERMISSIONS_POLICY_NOT_ACTION | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_IAM_PERMISSIONS_POLICY_NOT_RESOURCE | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_IAM_POLICY_APPLY_TO_USERS | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_IAM_TRUST_POLICY_NOT_ACTION | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_IAM_TRUST_POLICY_NOT_PRINCIPAL | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_IAM_TRUST_POLICY_WILDCARD_ACTION | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_IAM_WILDCARD_WRITE | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_INST_WITHOUT_PROFILE | 255. Allow access only to the necessary ports |
| TFM_KMS_KEY_ROTATION_DISABLED | 266. Disable insecure functionalities |
| TFM_KMS_MASTER_KEYS_EXPOSED | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_NEGATIVE_STATEMENT | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_PERMISSIVE_POLICY | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_POLICY_SERVER_ENCRYP_DISABLED | 134. Store passwords with salt
135. Passwords with random salt
185. Encrypt sensitive information
227. Display access notification
229. Request access credentials
264. Request authentication
300. Mask sensitive data |
| TFM_PUBLIC_BUCKETS_ACL | 096. Set user's required privileges
176. Restrict system objects
264. Request authentication
320. Avoid client-side control enforcement |
| TFM_RDS_INSIDE_SUBNET | 255. Allow access only to the necessary ports |
| TFM_RDS_NOT_AUTO_BACKUPS | 186. Use the principle of least privilege
265. Restrict access to critical processes |
| TFM_RDS_NOT_USES_IAM_AUTHENTICATION | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_RDS_NO_DELETION_PROTEC | 186. Use the principle of least privilege
265. Restrict access to critical processes |
| TFM_RDS_PUB_ACCESSIBLE | 096. Set user's required privileges
176. Restrict system objects
265. Restrict access to critical processes |
| TFM_RDS_UNENCRYPTED_STORAGE | 134. Store passwords with salt
135. Passwords with random salt
185. Encrypt sensitive information
229. Request access credentials
264. Request authentication
300. Mask sensitive data |
| TFM_REDSHIFT_HAS_AUDIT_LOGS_DISABLED | 075. Record exceptional events in logs
376. Register severity level
377. Store logs based on valid regulation
378. Use of log management system |
| TFM_REDSHIFT_HAS_ENCRYPTION_DISABLED | 185. Encrypt sensitive information
300. Mask sensitive data |
| TFM_REDSHIFT_HAS_PUBLIC_CLUSTERS | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_REDSHIFT_HAS_USER_ACTIVITY_LOG_DISABLED | 075. Record exceptional events in logs
376. Register severity level
377. Store logs based on valid regulation
378. Use of log management system |
| TFM_REDSHIFT_NOT_REQUIRES_SSL | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_S3_BUCKETS_ALLOW_UNAUTHORIZED_PUBLIC_ACCESS | 096. Set user's required privileges
176. Restrict system objects
264. Request authentication
320. Avoid client-side control enforcement |
| TFM_S3_VERSIONING_DISABLED | 266. Disable insecure functionalities |
| TFM_SNS_HAS_SERVER_SIDE_ENCRYPTION_DISABLED | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_SQS_HAS_ENCRYPTION_DISABLED | 185. Encrypt sensitive information
265. Restrict access to critical processes
266. Disable insecure functionalities |
| TFM_SQS_IS_PUBLIC | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| TFM_TRAILS_NOT_MULTIREGION | 075. Record exceptional events in logs
376. Register severity level
377. Store logs based on valid regulation
378. Use of log management system |