| 🛡️ AWS Account IAM Access Analyzer is not enabled for all regions🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Account IAM Password Policy Number of passwords to remember is not set to 24🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Account Root User credentials were used is the last 30 days🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Instance IAM role is not attached🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM Policy allows full administrative privileges🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM Server Certificate is expired🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM User Access Keys are not rotated every 90 days or less🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM User has inline or directly attached policies🟢 | 1 | 🟠 x1, 🟢 x5 | no data |
| 🛡️ AWS IAM User has more than one active access key🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM User MFA is not enabled for all users with console password🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM User with console and programmatic access set during the initial creation🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ AWS IAM User with credentials unused for 45 days or more is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS S3 Bucket MFA Delete is not enabled🟠🟢 | 1 | 🟠 x1, 🟢 x6 | no data |
| 🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure App Service Basic Authentication is enabled🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure App Service is not registered with Microsoft Entra ID🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Key Vault Soft Delete and Purge Protection functions are not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Non-RBAC Key Vault stores Keys without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Non-RBAC Key Vault stores Secrets without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure RBAC Key Vault stores Keys without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure RBAC Key Vault stores Secrets without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Consumer Google Accounts are used🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google Accounts are not configured with MFA🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK)🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK)🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud Audit Logging is not configured properly🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK)🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance Block Project-Wide SSH Keys is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance Confidential Compute is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance is configured to use the Default Service Account🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance OS Login is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GKE Cluster Node Pool uses default Service account🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google IAM Policy Binding Member (User) is assigned a basic role🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Project with KMS keys has a principal with Owner role🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Resource Manager Organization has a Redis IAM role assigned🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Storage Bucket is anonymously or publicly accessible🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google User has both Service Account Admin and Service Account User roles assigned🟢 | 1 | 🟢 x6 | no data |