CHECK_REQUIRED_VERSION | 266. Disable insecure functionalities |
EC2_DEFAULT_SEC_GROUP | 266. Disable insecure functionalities |
EC2_NOT_TERMINATION_PROTEC | 186. Use the principle of least privilege 265. Restrict access to critical processes |
EC2_TERMINATE_SHUTDOWN_BEHAVIOR | 266. Disable insecure functionalities |
TFM_ADMIN_MANAGED_POLICIES | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_ADMIN_POLICY | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_ALLOWS_PRIV_ESCALATION_BY_ATTACH_POLICY | 035. Manage privilege modifications |
TFM_ALLOWS_PRIV_ESCALATION_BY_POLICIES_VERSIONS | 035. Manage privilege modifications |
TFM_ANYONE_ADMIN_PORTS | 255. Allow access only to the necessary ports |
TFM_API_ALL_HTTP_METHODS_ENABLED | 266. Disable insecure functionalities |
TFM_API_GATEWAY_LOGGING_DISABLED | 075. Record exceptional events in logs 079. Record exact occurrence time of events 376. Register severity level |
TFM_AWS_ACL_BROAD_NETWORK_ACCESS | 255. Allow access only to the necessary ports |
TFM_AWS_EBS_VOLUMES_UNENCRYPTED | 185. Encrypt sensitive information 300. Mask sensitive data |
TFM_AWS_EC2_ALL_TRAFFIC | 255. Allow access only to the necessary ports |
TFM_AWS_EC2_CFN_UNRESTR_IP_PROT | 255. Allow access only to the necessary ports |
TFM_AWS_EC2_UNRESTRICTED_CIDRS | 255. Allow access only to the necessary ports |
TFM_AWS_EFS_UNENCRYPTED | 185. Encrypt sensitive information 300. Mask sensitive data |
TFM_AWS_ELB_LISTENER_ON_HTTP | 181. Transmit data using secure protocols |
TFM_AWS_ELB_WITHOUT_SSLPOLICY | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
TFM_AWS_INSEC_PROTO | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
TFM_AWS_SEC_GROUP_USING_TCP | 181. Transmit data using secure protocols |
TFM_AZURE_APP_LOG_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
TFM_AZURE_CLIENT_CERT_ENABLED | 227. Display access notification 228. Authenticate using standard protocols 229. Request access credentials 231. Implement a biometric verification component 235. Define credential interface 264. Request authentication 323. Exclude unverifiable files |
TFM_AZURE_INSEC_PROTO | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
TFM_AZURE_KEY_VAULT_NOT_RECOVER | 186. Use the principle of least privilege 265. Restrict access to critical processes |
TFM_AZURE_KV_DANGER_BYPASS | 255. Allow access only to the necessary ports |
TFM_AZURE_KV_DEFAULT_ACCESS | 255. Allow access only to the necessary ports |
TFM_AZURE_KV_ONLY_ACCESS_HTTPS | 181. Transmit data using secure protocols |
TFM_AZURE_KV_SECRET_NO_EXPIRATION | 130. Limit password lifespan 138. Define lifespan for temporary passwords 140. Define OTP lifespan |
TFM_AZURE_LNX_VM_INSEC_AUTH | 030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure |
TFM_AZURE_SA_DEFAULT_ACCESS | 255. Allow access only to the necessary ports |
TFM_AZURE_SA_INSEC_TRANSFER | 181. Transmit data using secure protocols |
TFM_AZURE_SQL_LOG_RETENT | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
TFM_AZURE_STORAGE_LOG_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
TFM_AZURE_UNRESTRICTED_ACCESS | 255. Allow access only to the necessary ports |
TFM_AZURE_VM_INSEC_AUTH | 030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure |
TFM_BUCKET_ALLOWS_PUBLIC | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_BUCKET_POLICY_SEC_TRANSPORT | 181. Transmit data using secure protocols |
TFM_CF_DISTR_LOG_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
TFM_COGNITO_HAS_MFA_DISABLED | 229. Request access credentials 231. Implement a biometric verification component 264. Request authentication 319. Make authentication options equally secure 328. Request MFA for critical systems |
TFM_CONTENT_HTTP | 181. Transmit data using secure protocols |
TFM_CTRAIL_LOG_NOT_VALIDATED | 080. Prevent log modification |
TFM_DB_NO_POINT_TIME_RECOVERY | 186. Use the principle of least privilege 265. Restrict access to critical processes |
TFM_DYNAMO_NOT_DEL_PROTEC | 186. Use the principle of least privilege 265. Restrict access to critical processes |
TFM_EBS_UNENCRYPTED_DEFAULT | 266. Disable insecure functionalities |
TFM_EBS_UNENCRYPTED_VOLUMES | 266. Disable insecure functionalities |
TFM_EC2_ASSOC_PUB_IP | 266. Disable insecure functionalities |
TFM_EC2_NO_IAM | 266. Disable insecure functionalities |
TFM_EC2_OPEN_ALL_PORTS_PUBLIC | 255. Allow access only to the necessary ports |
TFM_EC2_SEC_GROUPS_RFC1918 | 255. Allow access only to the necessary ports |
TFM_EC2_UNENCRYPTED_BLOCK_DEVICES | 266. Disable insecure functionalities |
TFM_EC2_UNRESTRICTED_DNS | 255. Allow access only to the necessary ports |
TFM_EC2_UNRESTRICTED_FTP | 255. Allow access only to the necessary ports |
TFM_EC2_UNRESTRICTED_PORTS | 255. Allow access only to the necessary ports |
TFM_EKS_HAS_ENDPOINTS_PUBLICLY_ACCESSIBLE | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_ELASTICACHE_TRANSIT_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_ELASTICACHE_USES_DEFAULT_PORT | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_ELB2_INSECURE_SEC_POLICY | 266. Disable insecure functionalities |
TFM_ELB2_INSEC_PROTO | 181. Transmit data using secure protocols |
TFM_ELB2_NOT_DELETION_PROTEC | 186. Use the principle of least privilege 265. Restrict access to critical processes |
TFM_ELB_LOGGING_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
TFM_HTTP_METHODS_ENABLED | 266. Disable insecure functionalities |
TFM_IAM_EXCESSIVE_ROLE_POLICY | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_IAM_FULL_ACCESS_SSM | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_IAM_MISSING_SECURITY | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_IAM_PERMISSIONS_POLICY_NOT_ACTION | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_IAM_PERMISSIONS_POLICY_NOT_RESOURCE | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_IAM_POLICY_APPLY_TO_USERS | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_IAM_TRUST_POLICY_NOT_ACTION | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_IAM_TRUST_POLICY_NOT_PRINCIPAL | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_IAM_TRUST_POLICY_WILDCARD_ACTION | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_IAM_WILDCARD_WRITE | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_INST_WITHOUT_PROFILE | 255. Allow access only to the necessary ports |
TFM_KMS_KEY_ROTATION_DISABLED | 266. Disable insecure functionalities |
TFM_KMS_MASTER_KEYS_EXPOSED | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_NEGATIVE_STATEMENT | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_PERMISSIVE_POLICY | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_POLICY_SERVER_ENCRYP_DISABLED | 134. Store passwords with salt 135. Passwords with random salt 185. Encrypt sensitive information 227. Display access notification 229. Request access credentials 264. Request authentication 300. Mask sensitive data |
TFM_PUBLIC_BUCKETS_ACL | 096. Set user's required privileges 176. Restrict system objects 264. Request authentication 320. Avoid client-side control enforcement |
TFM_RDS_INSIDE_SUBNET | 255. Allow access only to the necessary ports |
TFM_RDS_NOT_AUTO_BACKUPS | 186. Use the principle of least privilege 265. Restrict access to critical processes |
TFM_RDS_NOT_USES_IAM_AUTHENTICATION | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_RDS_NO_DELETION_PROTEC | 186. Use the principle of least privilege 265. Restrict access to critical processes |
TFM_RDS_PUB_ACCESSIBLE | 096. Set user's required privileges 176. Restrict system objects 265. Restrict access to critical processes |
TFM_RDS_UNENCRYPTED_STORAGE | 134. Store passwords with salt 135. Passwords with random salt 185. Encrypt sensitive information 229. Request access credentials 264. Request authentication 300. Mask sensitive data |
TFM_REDSHIFT_HAS_AUDIT_LOGS_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
TFM_REDSHIFT_HAS_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 300. Mask sensitive data |
TFM_REDSHIFT_HAS_PUBLIC_CLUSTERS | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_REDSHIFT_HAS_USER_ACTIVITY_LOG_DISABLED | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |
TFM_REDSHIFT_NOT_REQUIRES_SSL | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_S3_BUCKETS_ALLOW_UNAUTHORIZED_PUBLIC_ACCESS | 096. Set user's required privileges 176. Restrict system objects 264. Request authentication 320. Avoid client-side control enforcement |
TFM_S3_VERSIONING_DISABLED | 266. Disable insecure functionalities |
TFM_SNS_HAS_SERVER_SIDE_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_SQS_HAS_ENCRYPTION_DISABLED | 185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities |
TFM_SQS_IS_PUBLIC | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
TFM_TRAILS_NOT_MULTIREGION | 075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system |