| π [LEGACY] Azure Virtual Machine VHDs are not encrypted π’ | | π’ x3 |
| π AWS Account Alternate Contact Information is not current π΄π’ | | π΄ x1, π’ x3 |
| π AWS Account Primary Contact Information is not current π΄π’ | | π΄ x1, π’ x3 |
| π AWS Account Root User Hardware MFA is not enabled. π’ | | π’ x3 |
| π AWS CloudTrail AWS Organizations Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Config Configuration Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Configuration Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Disable CMK or Schedule CMK Deletion Events Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail IAM Policy Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Management Console Authentication Failures Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Management Console Sign-In without MFA Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Network Access Control Lists Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Network Gateways Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Root Account Usage Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Route Table Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail S3 Bucket Policy Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Security Group Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail Unauthorized API Calls Monitoring is not enabled π’ | | π’ x3 |
| π AWS CloudTrail VPC Changes Monitoring is not enabled π’ | | π’ x3 |
| π AWS IAM User is not managed centrally in multi-account environments π’ | | π’ x3 |
| π AWS IAM User with console and programmatic access set during the initial creation π’ | | π’ x3 |
| π AWS S3 Bucket sensitive data is not discovered, classified, and secured π’ | | π’ x3 |
| π AWS VPC Route Table for VPC Peering does not follow the least privilege principle π’ | | π’ x3 |
| π Azure App Service Basic Authentication is enabled π’ | | π’ x3 |
| π Azure App Service does not run the latest Java version π’ | | π’ x3 |
| π Azure App Service does not run the latest PHP version π’ | | π’ x3 |
| π Azure App Service does not run the latest Python version π’ | | π’ x3 |
| π Azure App Service does not use Azure Key Vaults to store secrets π’ | | π’ x3 |
| π Azure Cosmos DB Entra ID Client Authentication is not used π’ | | π’ x3 |
| π Azure Diagnostic Setting exists for Subscription Activity Logs π’ | | π’ x3 |
| π Azure Diagnostic Setting for Azure AppService HTTP logs is not enabled π’ | | π’ x3 |
| π Azure Diagnostic Setting for Azure Key Vault is not enabled π’ | | π’ x3 |
| π Azure Diagnostic Setting is not enabled for all services that support it π’ | | π’ x3 |
| π Azure Public IP Addresses are not evaluated periodically π’ | | π’ x3 |
| π Azure Storage Account Access Key Rotation Reminders are not enabled π’ | | π’ x3 |
| π Azure Storage Account Access Keys are not regenerated periodically π’ | | π’ x3 |
| π Azure Storage Account Shared Access Signature Tokens do not expire within 1 hour π’ | | π’ x3 |
| π Azure Storage Account With Critical Data is not encrypted with customer managed key π’ | | π’ x3 |
| π Azure Subscription Leaving Microsoft Entra ID Directory and Subscription Entering Microsoft Entra ID Directory is not set to Permit No One π’ | | π’ x3 |
| π Azure Subscription Microsoft Defender For IoT Hub is not set to On π’ | | π’ x3 |
| π Azure Subscription Resource Lock Administrator Custom Role does not exist π’ | | π’ x3 |
| π Azure Subscription Resources Basic SKU is used for production workloads π’ | | π’ x3 |
| π Azure Subscription Vulnerability Assessment is not auto provisioned π’ | | π’ x3 |
| π Azure Virtual Machine Endpoint Protection is not installed π’ | | π’ x3 |
| π Azure Virtual Machine Unapproved Extensions are installed π’ | | π’ x3 |
| π Consumer Google Accounts are used π’ | | π’ x3 |
| π Google Accounts are not configured with MFA π’ | | π’ x3 |
| π Google App Engine Application HTTPS Connection is not enforced π’ | | π’ x3 |
| π Google API Key is not restricted for unspecified hosts and apps π’ | | π’ x3 |
| π Google BigQuery Sensitive Data Protection is not in use π’ | | π’ x3 |
| π Google Cloud Access Transparency is not enabled π’ | | π’ x3 |
| π Google Cloud Function Environment Variables store confidential data π’ | | π’ x3 |
| π Google Cloud MySQL Instance allows anyone to connect with administrative privileges π’ | | π’ x3 |
| π Google GCE Instance doesn't have the latest operating system updates installed π’ | | π’ x3 |
| π Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites π’ | | π’ x3 |
| π Google Identity Aware Proxy (IAP) is not used to enforce access controls π’ | | π’ x3 |
| π Google KMS Crypto Key is anonymously or publicly accessible π π’ | | π x1, π’ x3 |
| π Google Organization Administrator Security Key Enforcement is not enabled π’ | | π’ x3 |
| π Microsoft Cloud Security Benchmark policies are disabled π’ | | π’ x3 |
| π Microsoft Defender Agentless Container Vulnerability Assessment Component is not enabled π’ | | π’ x3 |
| π Microsoft Defender Agentless Discovery for Kubernetes Component is not enabled π’ | | π’ x3 |
| π Microsoft Defender Agentless Scanning for Machines Component is not enabled π’ | | π’ x3 |
| π Microsoft Defender External Attack Surface Monitoring (EASM) is not enabled π’ | | π’ x3 |
| π Microsoft Defender File Integrity Monitoring Component is not enabled π’ | | π’ x3 |
| π Microsoft Defender Recommendations for Apply System Updates are not completed π’ | | π’ x3 |
| π Microsoft Entra ID Account Lockout Duration is not set 60 seconds or more π’ | | ��π’ x3 |
| π Microsoft Entra ID Account Lockout Threshold is not set to 10 or less π’ | | π’ x3 |
| π Microsoft Entra ID Allow Users To Remember MFA On Devices They Trust is enabled π’ | | π’ x3 |
| π Microsoft Entra ID Conditional Access By Location is not defined π’ | | π’ x3 |
| π Microsoft Entra ID Custom Banned Password List is not enforced π’ | | π’ x3 |
| π Microsoft Entra ID Device Code Authentication Flow is not restricted π’ | | π’ x3 |
| π Microsoft Entra ID Global Administrator Role assigned to more than 4 users π’ | | π’ x3 |
| π Microsoft Entra ID Guest Users are not reviewed on a regular basis π’ | | π’ x3 |
| π Microsoft Entra ID MFA For Administrators is not required π’ | | π’ x3 |
| π Microsoft Entra ID MFA For All Users is not required π’ | | π’ x3 |
| π Microsoft Entra ID MFA For Risky Sign-Ins is not required π’ | | π’ x3 |
| π Microsoft Entra ID MFA For Windows Azure Service Management API is not required π’ | | π’ x3 |
| π Microsoft Entra ID MFA to access Microsoft Admin Portals is not required π’ | | π’ x3 |
| π Microsoft Entra ID Named Locations are not defined π’ | | π’ x3 |
| π Microsoft Entra ID Non-Privileged User Multi-Factor Auth Status is not enabled π’ | | π’ x3 |
| π Microsoft Entra ID Owners Can Manage Group Membership Requests In The Access Panel is set to Yes π’ | | π’ x3 |
| π Microsoft Entra ID Privileged User Multi-Factor Auth Status is not enabled π’ | | π’ x3 |
| π Microsoft Entra ID Require MFA To Register Or Join Devices With Microsoft Entra ID is set to No π’ | | π’ x3 |
| π Microsoft Entra ID Restrict User Ability To Access Groups Features In The Access Pane is set to No π’ | | π’ x3 |
| π Microsoft Entra ID Security Defaults are not enabled π’ | | π’ x3 |
| π Microsoft Entra ID User Consent For Applications is not set to Allow From Verified Publishers π’ | | π’ x3 |
| π Microsoft Entra ID User Consent For Applications is not set to Do Not Allow User Consent π’ | | π’ x3 |
| π Microsoft Entra ID User Notify All Admins When Other Admins Reset Their Password is set No π’ | | π’ x3 |
| π Microsoft Entra ID User Notify Users On Password Resets is set to No π’ | | π’ x3 |
| π Microsoft Entra ID User Reconfirm Authentication Information is set to 0 π’ | | π’ x3 |
| π Microsoft Entra ID User Self-Service Password Reset does not require 2 authentication methods π’ | | π’ x3 |
| π Microsoft Entra ID User Settings Restrict Access To Microsoft Entra Admin Center is set to No π’ | | π’ x3 |
| π Microsoft Entra ID Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes π’ | | π’ x3 |
| π Microsoft Entra ID Users Can Create Security Groups In Azure Portals, API Or PowerShell is set to Yes π’ | | π’ x3 |
| π Mission-Critical Azure Resources do not use Resource Locks π’ | | π’ x3 |
| π Network Security Group Flow Logs are not captured and sent to Log Analytics Workspace π’ | | π’ x3 |
| π Privileged Azure Virtual Machine is accessed by identities without MFA π’ | | π’ x3 |