Revert "Updating Rule reference Id's and Policy categories (tenable#582…

…)" This reverts commit dbb5a91.
kanchwala-yusuf · Mar 9, 2021 · 3a804d8 · 3a804d8
1 parent 451d53b
commit 3a804d8
Show file tree

Hide file tree

Showing 46 changed files with 93 additions and 93 deletions.
diff --git a/...github_repository/AC-GC-IA-GR-M-0001.json → ...thub_repository/accurics.gcp.IAM.145.json b/...github_repository/AC-GC-IA-GR-M-0001.json → ...thub_repository/accurics.gcp.IAM.145.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Repository is Not Private.",
-    "reference_id": "AC-GC-IA-GR-M-0001",
-    "category": "Identity and Access Management",
+    "reference_id": "accurics.gcp.IAM.145",
+    "category": "Identity \u0026 Access Management",
     "version": 1
 }
diff --git a/..._bigquery_dataset/AC-GC-IA-BQ-H-0002.json → ...igquery_dataset/accurics.gcp.IAM.106.json b/..._bigquery_dataset/AC-GC-IA-BQ-H-0002.json → ...igquery_dataset/accurics.gcp.IAM.106.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "BigQuery datasets may be anonymously or publicly accessible.",
-    "reference_id": "AC-GC-IA-BQ-H-0002",
-    "category": "Identity and Access Management",
+    "reference_id": "accurics.gcp.IAM.106",
+    "category": "Identity \u0026 Access Management",
     "version": 1
 }
diff --git a/...ogle_compute_disk/AC-GC-DP-CD-M-0003.json → ...le_compute_disk/accurics.gcp.EKM.131.json b/...ogle_compute_disk/AC-GC-DP-CD-M-0003.json → ...le_compute_disk/accurics.gcp.EKM.131.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) .",
-    "reference_id": "AC-GC-DP-CD-M-0003",
-    "category": "Data Protection",
+    "reference_id": "accurics.gcp.EKM.131",
+    "category": "Encryption \u0026 Key Management",
     "version": 1
 }
diff --git a/..._compute_instance/AC-GC-DP-CI-M-0196.json → ...ompute_instance/accurics.gcp.EKM.132.json b/..._compute_instance/AC-GC-DP-CI-M-0196.json → ...ompute_instance/accurics.gcp.EKM.132.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "VM disks attached to a compute instance should be encrypted with Customer Supplied Encryption Keys (CSEK) .",
-    "reference_id": "AC-GC-DP-CI-M-0196",
-    "category": "Data Protection",
+    "reference_id": "accurics.gcp.EKM.132",
+    "category": "Encryption \u0026 Key Management",
     "version": 1
 }
diff --git a/..._compute_instance/AC-GC-IA-CI-M-0191.json → ...ompute_instance/accurics.gcp.IAM.124.json b/..._compute_instance/AC-GC-IA-CI-M-0191.json → ...ompute_instance/accurics.gcp.IAM.124.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Instances may have been configured to use the default service account with full access to all Cloud APIs",
-    "reference_id": "AC-GC-IA-CI-M-0191",
-    "category": "Identity and Access Management",
+    "reference_id": "accurics.gcp.IAM.124",
+    "category": "Identity \u0026 Access Management",
     "version": 1
 }
diff --git a/..._compute_instance/AC-GC-IA-CI-M-0193.json → ...ompute_instance/accurics.gcp.IAM.128.json b/..._compute_instance/AC-GC-IA-CI-M-0193.json → ...ompute_instance/accurics.gcp.IAM.128.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that no instance in the project overrides the project setting for enabling OSLogin",
-    "reference_id": "AC-GC-IA-CI-M-0193",
-    "category": "Identity and Access Management",
+    "reference_id": "accurics.gcp.IAM.128",
+    "category": "Identity \u0026 Access Management",
     "version": 1
 }
diff --git a/..._compute_instance/AC-GC-IS-CI-H-0190.json → ...compute_instance/accurics.gcp.NS.125.json b/..._compute_instance/AC-GC-IS-CI-H-0190.json → ...compute_instance/accurics.gcp.NS.125.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Instances may have been configured to use the default service account with full access to all Cloud APIs",
-    "reference_id": "AC-GC-IS-CI-H-0190",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.125",
+    "category": "Access Control",
     "version": 1
 }
diff --git a/..._compute_instance/AC-GC-IS-CI-M-0192.json → ...compute_instance/accurics.gcp.NS.126.json b/..._compute_instance/AC-GC-IS-CI-M-0192.json → ...compute_instance/accurics.gcp.NS.126.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure 'Block Project-wide SSH keys' is enabled for VM instances.",
-    "reference_id": "AC-GC-IS-CI-M-0192",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.126",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/..._compute_instance/AC-GC-IS-CI-M-0194.json → ...compute_instance/accurics.gcp.NS.129.json b/..._compute_instance/AC-GC-IS-CI-M-0194.json → ...compute_instance/accurics.gcp.NS.129.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure 'Enable connecting to serial ports' is not enabled for VM instances.",
-    "reference_id": "AC-GC-IS-CI-M-0194",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.129",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/..._compute_instance/AC-GC-IS-CI-M-0195.json → ...compute_instance/accurics.gcp.NS.130.json b/..._compute_instance/AC-GC-IS-CI-M-0195.json → ...compute_instance/accurics.gcp.NS.130.json
@@ -8,7 +8,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure IP forwarding is not enabled on Instances.",
-    "reference_id": "AC-GC-IS-CI-M-0195",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.130",
+    "category": "Network Security",
     "version": 1
-}
+}
diff --git a/..._compute_instance/AC-GC-IS-CI-M-0197.json → ...compute_instance/accurics.gcp.NS.133.json b/..._compute_instance/AC-GC-IS-CI-M-0197.json → ...compute_instance/accurics.gcp.NS.133.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure Compute instances are launched with Shielded VM enabled.",
-    "reference_id": "AC-GC-IS-CI-M-0197",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.133",
+    "category": "Network Security ",
     "version": 1
 }
diff --git a/...ompute_ssl_policy/AC-GC-IS-CP-M-0198.json → ...pute_ssl_policy/accurics.gcp.EKM.134.json b/...ompute_ssl_policy/AC-GC-IS-CP-M-0198.json → ...pute_ssl_policy/accurics.gcp.EKM.134.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites.",
-    "reference_id": "AC-GC-IS-CP-M-0198",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.EKM.134",
+    "category": "Encryption \u0026 Key Management",
     "version": 1
 }
diff --git a/...ompute_subnetwork/AC-GC-LM-CS-M-0199.json → ...pute_subnetwork/accurics.gcp.LOG.118.json b/...ompute_subnetwork/AC-GC-LM-CS-M-0199.json → ...pute_subnetwork/accurics.gcp.LOG.118.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network.",
-    "reference_id": "AC-GC-LM-CS-M-0199",
-    "category": "Logging and Monitoring",
+    "reference_id": "accurics.gcp.LOG.118",
+    "category": "Logging ",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-IA-CC-H-0208.json → ...ntainer_cluster/accurics.gcp.IAM.104.json b/...container_cluster/AC-GC-IA-CC-H-0208.json → ...ntainer_cluster/accurics.gcp.IAM.104.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Cluster is created with Client Certificate disabled.",
-    "reference_id": "AC-GC-IA-CC-H-0208",
-    "category": "Identity and Access Management",
+    "reference_id": "accurics.gcp.IAM.104",
+    "category": "Identity \u0026 Access Management",
     "version": 1
-}
+}
diff --git a/...container_cluster/AC-GC-IA-CC-H-0211.json → ...ntainer_cluster/accurics.gcp.IAM.110.json b/...container_cluster/AC-GC-IA-CC-H-0211.json → ...ntainer_cluster/accurics.gcp.IAM.110.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure GKE basic auth is disabled.",
-    "reference_id": "AC-GC-IA-CC-H-0211",
-    "category": "Identity and Access Management",
+    "reference_id": "accurics.gcp.IAM.110",
+    "category": "Identity \u0026 Access Management",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-IA-CC-H-0204.json → ...ntainer_cluster/accurics.gcp.IAM.142.json b/...container_cluster/AC-GC-IA-CC-H-0204.json → ...ntainer_cluster/accurics.gcp.IAM.142.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Legacy Authorization is set to disabled on Kubernetes Engine Clusters.",
-    "reference_id": "AC-GC-IA-CC-H-0204",
-    "category": "Identity and Access Management",
+    "reference_id": "accurics.gcp.IAM.142",
+    "category": "Identity \u0026 Access Management",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-LM-CC-H-0202.json → ...ntainer_cluster/accurics.gcp.LOG.100.json b/...container_cluster/AC-GC-LM-CC-H-0202.json → ...ntainer_cluster/accurics.gcp.LOG.100.json
@@ -7,7 +7,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure Stackdriver Logging is enabled on Kubernetes Engine Clusters.",
-    "reference_id": "AC-GC-LM-CC-H-0202",
-    "category": "Logging and Monitoring",
+    "reference_id": "accurics.gcp.LOG.100",
+    "category": "Logging",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-LM-CC-H-0203.json → ...ntainer_cluster/accurics.gcp.MON.143.json b/...container_cluster/AC-GC-LM-CC-H-0203.json → ...ntainer_cluster/accurics.gcp.MON.143.json
@@ -7,7 +7,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure Stackdriver Monitoring is enabled on Kubernetes Engine Clusters.",
-    "reference_id": "AC-GC-LM-CC-H-0203",
-    "category": "Logging and Monitoring",
+    "reference_id": "accurics.gcp.MON.143",
+    "category": "Monitoring",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-IS-CC-H-0206.json → ...ontainer_cluster/accurics.gcp.NS.103.json b/...container_cluster/AC-GC-IS-CC-H-0206.json → ...ontainer_cluster/accurics.gcp.NS.103.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Network policy is enabled on Kubernetes Engine Clusters.",
-    "reference_id": "AC-GC-IS-CC-H-0206",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.103",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-IS-CC-H-0209.json → ...ontainer_cluster/accurics.gcp.NS.109.json b/...container_cluster/AC-GC-IS-CC-H-0209.json → ...ontainer_cluster/accurics.gcp.NS.109.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure GKE Control Plane is not public.",
-    "reference_id": "AC-GC-IS-CC-H-0209",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.109",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-IS-CC-H-0205.json → ...ontainer_cluster/accurics.gcp.NS.112.json b/...container_cluster/AC-GC-IS-CC-H-0205.json → ...ontainer_cluster/accurics.gcp.NS.112.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Master Authentication is set to enabled on Kubernetes Engine Clusters.",
-    "reference_id": "AC-GC-IS-CC-H-0205",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.112",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-IS-CC-H-0212.json → ...ontainer_cluster/accurics.gcp.NS.117.json b/...container_cluster/AC-GC-IS-CC-H-0212.json → ...ontainer_cluster/accurics.gcp.NS.117.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Cluster is created with Private cluster enabled.",
-    "reference_id": "AC-GC-IS-CC-H-0212",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.117",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-CV-CC-H-0213.json → ...ntainer_cluster/accurics.gcp.OPS.113.json b/...container_cluster/AC-GC-CV-CC-H-0213.json → ...ntainer_cluster/accurics.gcp.OPS.113.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Clusters are configured with Labels.",
-    "reference_id": "AC-GC-CV-CC-H-0213",
-    "category": "Compliance Validation",
+    "reference_id": "accurics.gcp.OPS.113",
+    "category": "Operational Efficiency",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-CV-CC-H-0207.json → ...ntainer_cluster/accurics.gcp.OPS.115.json b/...container_cluster/AC-GC-CV-CC-H-0207.json → ...ntainer_cluster/accurics.gcp.OPS.115.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Cluster is created with Alias IP ranges enabled",
-    "reference_id": "AC-GC-CV-CC-H-0207",
-    "category": "Compliance Validation",
+    "reference_id": "accurics.gcp.OPS.115",
+    "category": "Operational Efficiency",
     "version": 1
 }
diff --git a/...container_cluster/AC-GC-CV-CC-H-0210.json → ...ntainer_cluster/accurics.gcp.OPS.116.json b/...container_cluster/AC-GC-CV-CC-H-0210.json → ...ntainer_cluster/accurics.gcp.OPS.116.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters.",
-    "reference_id": "AC-GC-CV-CC-H-0210",
-    "category": "Compliance Validation",
+    "reference_id": "accurics.gcp.OPS.116",
+    "category": "Operational Efficiency",
     "version": 1
 }
diff --git a/...ntainer_node_pool/AC-GC-SP-CN-H-0215.json → ...ainer_node_pool/accurics.gcp.OPS.101.json b/...ntainer_node_pool/AC-GC-SP-CN-H-0215.json → ...ainer_node_pool/accurics.gcp.OPS.101.json
@@ -7,7 +7,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure 'Automatic node upgrade' is enabled for Kubernetes Clusters.",
-    "reference_id": "AC-GC-SP-CN-H-0215",
-    "category": "Security Best Practices",
+    "reference_id": "accurics.gcp.OPS.101",
+    "category": "Operational Efficiency",
     "version": 1
 }
diff --git a/...ntainer_node_pool/AC-GC-CV-CN-H-0216.json → ...ainer_node_pool/accurics.gcp.OPS.114.json b/...ntainer_node_pool/AC-GC-CV-CN-H-0216.json → ...ainer_node_pool/accurics.gcp.OPS.114.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image.",
-    "reference_id": "AC-GC-CV-CN-H-0216",
-    "category": "Compliance Validation",
+    "reference_id": "accurics.gcp.OPS.114",
+    "category": "Operational Efficiency",
     "version": 1
 }
diff --git a/...ntainer_node_pool/AC-GC-SP-CN-M-0217.json → ...ainer_node_pool/accurics.gcp.OPS.144.json b/...ntainer_node_pool/AC-GC-SP-CN-M-0217.json → ...ainer_node_pool/accurics.gcp.OPS.144.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure 'Automatic node repair' is enabled for Kubernetes Clusters.",
-    "reference_id": "AC-GC-SP-CN-M-0217",
-    "category": "Security Best Practices",
+    "reference_id": "accurics.gcp.OPS.144",
+    "category": "Operational Efficiency",
     "version": 1
 }
diff --git a/..._dns_managed_zone/AC-GC-IS-DZ-H-0219.json → ...ns_managed_zone/accurics.gcp.EKM.108.json b/..._dns_managed_zone/AC-GC-IS-DZ-H-0219.json → ...ns_managed_zone/accurics.gcp.EKM.108.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC.",
-    "reference_id": "AC-GC-IS-DZ-H-0219",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.EKM.108",
+    "category": "Encryption \u0026 Key Management",
     "version": 1
 }
diff --git a/..._dns_managed_zone/AC-GC-IS-DZ-H-0218.json → ...dns_managed_zone/accurics.gcp.NS.107.json b/..._dns_managed_zone/AC-GC-IS-DZ-H-0218.json → ...dns_managed_zone/accurics.gcp.NS.107.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that DNSSEC is enabled for Cloud DNS.",
-    "reference_id": "AC-GC-IS-DZ-H-0218",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.107",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/...le_kms_crypto_key/AC-GC-SP-KC-H-0220.json → ..._kms_crypto_key/accurics.gcp.EKM.007.json b/...le_kms_crypto_key/AC-GC-SP-KC-H-0220.json → ..._kms_crypto_key/accurics.gcp.EKM.007.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Encryption keys are rotated within a period of 365 days.",
-    "reference_id": "AC-GC-SP-KC-H-0220",
-    "category": "Security Best Practices",
+    "reference_id": "accurics.gcp.EKM.007",
+    "category": "Encryption \u0026 Key Management",
     "version": 1
 }
diff --git a/...le_kms_crypto_key/AC-GC-SP-KC-M-0221.json → ..._kms_crypto_key/accurics.gcp.EKM.139.json b/...le_kms_crypto_key/AC-GC-SP-KC-M-0221.json → ..._kms_crypto_key/accurics.gcp.EKM.139.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure Encryption keys are rotated within a period of 90 days.",
-    "reference_id": "AC-GC-SP-KC-M-0221",
-    "category": "Security Best Practices",
+    "reference_id": "accurics.gcp.EKM.139",
+    "category": "Encryption \u0026 Key Management",
     "version": 1
 }
diff --git a/...cp/google_project/AC-GC-IS-PR-M-0222.json → ...p/google_project/accurics.gcp.NS.119.json b/...cp/google_project/AC-GC-IS-PR-M-0222.json → ...p/google_project/accurics.gcp.NS.119.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that the default network does not exist in a project.",
-    "reference_id": "AC-GC-IS-PR-M-0222",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.gcp.NS.119",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/..._iam_audit_config/AC-GC-LM-PA-H-0223.json → ...am_audit_config/accurics.gcp.LOG.010.json b/..._iam_audit_config/AC-GC-LM-PA-H-0223.json → ...am_audit_config/accurics.gcp.LOG.010.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that Cloud Audit Logging is configured properly across all services and all users from a project.",
-    "reference_id": "AC-GC-LM-PA-H-0223",
-    "category": "Logging and Monitoring",
+    "reference_id": "accurics.gcp.LOG.010",
+    "category": "Logging",
     "version": 1
 }
diff --git a/...oject_iam_binding/AC-GC-IA-PB-M-0225.json → ...ect_iam_binding/accurics.gcp.IAM.136.json b/...oject_iam_binding/AC-GC-IA-PB-M-0225.json → ...ect_iam_binding/accurics.gcp.IAM.136.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level.",
-    "reference_id": "AC-GC-IA-PB-M-0225",
-    "category": "Identity and Access Management",
+    "reference_id": "accurics.gcp.IAM.136",
+    "category": "Identity \u0026 Access Management",
     "version": 1
 }
diff --git a/...oject_iam_binding/AC-GC-IA-PB-H-0224.json → ...ect_iam_binding/accurics.gcp.IAM.150.json b/...oject_iam_binding/AC-GC-IA-PB-H-0224.json → ...ect_iam_binding/accurics.gcp.IAM.150.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that corporate login credentials are used instead of Gmail accounts.",
-    "reference_id": "AC-GC-IA-PB-H-0224",
+    "reference_id": "accurics.gcp.IAM.150",
     "category": "Identity and Access Management",
     "version": 1
 }