📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢 | 1 | 🟢 x6 |
📝 AWS API Gateway API Route Authorization Type is not configured 🟢 | 1 | 🟢 x6 |
📝 AWS CodeBuild Project Bitbucket Source Location URL contains credentials 🟢 | 1 | 🟢 x6 |
📝 AWS EC2 Auto Scaling Group Launch Template is not configured to require IMDSv2 🟢 | 1 | 🟢 x6 |
📝 AWS EC2 Default Security Group does not restrict all traffic 🟢 | 1 | 🟢 x6 |
📝 AWS EC2 Instance IAM role is not attached 🟢 | 1 | 🟢 x6 |
📝 AWS EC2 Instance IMDSv2 is not enabled 🟢 | 1 | 🟢 x6 |
📝 AWS EKS Cluster IAM OIDC provider is not created 🟢 | 1 | 🟢 x6 |
📝 AWS RDS Aurora Cluster access is not consistent 🟢 | 1 | 🟢 x6 |
📝 AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service 🟢 | 1 | 🟢 x6 |
📝 AWS VPC Route Table for VPC Peering does not follow the least privilege principle 🟢 | | 🟢 x3 |
📝 AWS VPC Transit Gateway Auto Accept Shared Attachments is enabled 🟢 | 1 | 🟢 x6 |
📝 Azure App Service Authentication is disabled and Basic Authentication is enabled 🟢 | 1 | 🟢 x6 |
📝 Azure App Service Basic Authentication is enabled 🟢 | | 🟢 x3 |
📝 Azure App Service is not registered with Microsoft Entra ID 🟢 | 1 | 🟢 x6 |
📝 Azure Cosmos DB Account Private Endpoints are not used 🟢 | 1 | 🟢 x6 |
📝 Azure Cosmos DB Entra ID Client Authentication is not used 🟢 | | 🟢 x3 |
📝 Azure Databricks network security groups are not configured 🟢 | | 🟢 x3 |
📝 Azure Databricks Personal Access Tokens (PATs) are not restricted and expirable 🟢 | | 🟢 x3 |
📝 Azure Databricks users and groups are not synced from Microsoft Entra ID 🟢 | | 🟢 x3 |
📝 Azure Key Vault Managed HSM is not used whenever required 🟢 | | 🟢 x3 |
📝 Azure Key Vault Private Endpoints are not used 🟢 | 1 | 🟢 x6 |
📝 Azure Key Vault Public Network Access when using Private Endpoint is enabled 🟢 | 1 | 🟢 x6 |
📝 Azure Key Vault Role Based Access Control is not enabled 🟢 | 1 | 🟢 x6 |
📝 Azure Managed Disk Data Access Auth Mode is not set to Azure Active Directory 🟢 | 1 | 🟢 x6 |
📝 Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services 🟢 | 1 | 🟢 x6 |
📝 Azure SQL Server Microsoft Entra authentication is not configured 🟢 | 1 | 🟢 x6 |
📝 Azure Storage Account Access Key Rotation Reminders are not enabled 🟢 | | 🟢 x3 |
📝 Azure Storage Account Access Keys are not regenerated periodically 🟢 | | 🟢 x3 |
📝 Azure Storage Account Default To OAuth Authentication is not set to Yes 🟢 | 1 | 🟢 x6 |
📝 Azure Storage Account Private Endpoints are not used 🟢 | 1 | 🟢 x6 |
📝 Azure Storage Account Shared Access Signature Tokens do not expire within 1 hour 🟢 | | 🟢 x3 |
📝 Azure Storage Account Shared Key Access is not disabled 🟢 | 1 | 🟢 x6 |
📝 Azure Storage Account Trusted Azure Services are not enabled as networking exceptions 🟢 | 1 | 🟢 x6 |
📝 Azure Subscription Bastion Host does not exist 🟢 | 1 | 🟠 x1, 🟢 x5 |
📝 Google Access Approval is not enabled 🟢 | 1 | 🟢 x6 |
📝 Google Cloud Function Environment Variables store confidential data 🟢 | | 🟢 x3 |
📝 Google Cloud MySQL Instance allows anyone to connect with administrative privileges 🟢 | | 🟢 x3 |
📝 Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on 🟢 | 1 | 🟢 x6 |
📝 Google Cloud SQL Instance SSL Connections are not enforced 🟢 | 1 | 🟢 x6 |
📝 Google Cloud SQL Server Instance contained database authentication Database Flag is set to on 🟢 | 1 | 🟢 x6 |
📝 Google Cloud SQL Server Instance remote access Database Flag is not set to off 🟢 | 1 | 🟢 x6 |
📝 Google Cloud SQL Server Instance user options Database Flag is configured 🟢 | 1 | 🟢 x6 |
📝 Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key 🟢 | 1 | 🟢 x6 |
📝 Google GCE Instance Block Project-Wide SSH Keys is not enabled 🟢 | 1 | 🟢 x6 |
📝 Google GCE Instance Enable Connecting to Serial Ports is not disabled 🟢 | 1 | 🟢 x6 |
📝 Google GCE Instance is configured to use the Default Service Account 🟢 | 1 | 🟢 x6 |
📝 Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs 🟢 | 1 | 🟢 x6 |
📝 Google GCE Instance IP Forwarding is not disabled 🟢 | 1 | 🟢 x6 |
📝 Google GCE Instance OS Login is not enabled 🟢 | 1 | 🟢 x6 |
📝 Google GCE Network has Firewall Rules which allow unrestricted RDP access from the Internet 🟢 | 1 | 🟢 x6 |
📝 Google GCE Network has Firewall Rules which allow unrestricted SSH access from the Internet 🟢 | 1 | 🟢 x6 |
📝 Google Identity Aware Proxy (IAP) is not used to enforce access controls 🟢 | | 🟢 x3 |
📝 Google Project has a default network 🟢 | 1 | 🟢 x6 |
📝 Google Storage Bucket Uniform Bucket-Level Access is not enabled 🟢 | 1 | 🟢 x6 |
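Several of the findings above can be evaluated offline from the resource description the cloud API returns, without a scanner. The block below is an added example, not code from this page or from the product whose policies are listed: it implements the checks behind "EC2 Instance IMDSv2 is not enabled", "Auto Scaling Group Launch Template is not configured to require IMDSv2", "EC2 Default Security Group does not restrict all traffic", and "GCE Network has Firewall Rules which allow unrestricted SSH/RDP access from the Internet". The field names follow the EC2 `describe-instances`, `describe-launch-template-versions` and `describe-security-groups` responses and the Compute `firewalls.list` response; the function names and the sample resources are constructed for this example.

```python
"""Offline evaluators for four of the listed findings, run over constructed
resource descriptions shaped like the EC2 and GCE Compute API responses.
Added example; function names and sample data are this example's own."""
from __future__ import annotations

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"


def imdsv2_required(metadata_options: dict) -> bool:
    """EC2: IMDSv2 is enforced only when HttpTokens is 'required'.
    A disabled endpoint exposes no IMDS at all (nothing for SSRF to reach),
    so it is treated as compliant for this check. Absent keys fall back to
    the launch defaults: endpoint enabled, tokens optional."""
    if metadata_options.get("HttpEndpoint", "enabled") == "disabled":
        return True
    return metadata_options.get("HttpTokens", "optional") == "required"


def launch_template_requires_imdsv2(launch_template_data: dict) -> bool:
    """Auto Scaling launch template: MetadataOptions sits under LaunchTemplateData.
    A template with no MetadataOptions launches with HttpTokens=optional."""
    return imdsv2_required(launch_template_data.get("MetadataOptions", {}))


def default_sg_restricts_all(security_group: dict) -> bool:
    """EC2: the 'default' group should carry no inbound and no outbound rules.
    The stock default group allows all egress and all ingress from itself."""
    return not security_group.get("IpPermissions") and not security_group.get("IpPermissionsEgress")


def _port_in_spec(port: int, spec: str) -> bool:
    """GCE 'ports' entries are either 'N' or a range 'N-M'."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def firewall_allows_from_internet(rule: dict, port: int) -> bool:
    """GCE: an enabled INGRESS rule whose sourceRanges include the whole Internet
    and whose allow list covers `port` over TCP (protocol 'tcp', '6' or 'all').
    An allowed entry with no 'ports' key means every port of that protocol."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    if not ({ANY_IPV4, ANY_IPV6} & set(rule.get("sourceRanges", []))):
        return False
    for allowed in rule.get("allowed", []):
        if allowed.get("IPProtocol", "").lower() in ("all", "tcp", "6"):
            ports = allowed.get("ports")
            if not ports or any(_port_in_spec(port, p) for p in ports):
                return True
    return False


# Constructed sample resources (not real accounts or projects).
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0a1", "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0b2", "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
]
SAMPLE_LAUNCH_TEMPLATE_DATA = {"ImageId": "ami-00000000", "MetadataOptions": {"HttpTokens": "required"}}
SAMPLE_DEFAULT_SG = {
    "GroupId": "sg-0def", "GroupName": "default",
    "IpPermissions": [{"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0def"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_IPV4}]}],
}
SAMPLE_FIREWALLS = [
    {"name": "allow-ssh-office", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-rdp-any", "direction": "INGRESS", "sourceRanges": [ANY_IPV4],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
    {"name": "allow-all-v6", "direction": "INGRESS", "sourceRanges": [ANY_IPV6],
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "egress-any", "direction": "EGRESS", "destinationRanges": [ANY_IPV4],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]


def evaluate_samples() -> dict:
    """Run every check over the constructed samples and return the findings."""
    return {
        "instances_without_imdsv2": [i["InstanceId"] for i in SAMPLE_INSTANCES
                                     if not imdsv2_required(i["MetadataOptions"])],
        "launch_template_requires_imdsv2": launch_template_requires_imdsv2(SAMPLE_LAUNCH_TEMPLATE_DATA),
        "default_sg_restricts_all": default_sg_restricts_all(SAMPLE_DEFAULT_SG),
        "firewalls_open_ssh": [r["name"] for r in SAMPLE_FIREWALLS if firewall_allows_from_internet(r, 22)],
        "firewalls_open_rdp": [r["name"] for r in SAMPLE_FIREWALLS if firewall_allows_from_internet(r, 3389)],
    }


if __name__ == "__main__":
    for finding, result in evaluate_samples().items():
        print(f"{finding}: {result}")
```

Two details matter in practice: a port range such as `3000-4000` still opens 3389, which a check that only string-matches `"3389"` would miss, and `::/0` is as unrestricted as `0.0.0.0/0`. On the AWS side, the launch-template check deliberately treats a missing `MetadataOptions` block as non-compliant, because new instances then inherit the account default of `HttpTokens=optional`.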