Updating Rule reference Id's and Policy categories (#582)

tenable · Mar 9, 2021 · dbb5a91 · dbb5a91
1 parent 9546bcc
commit dbb5a91
Show file tree

Hide file tree

Showing 46 changed files with 93 additions and 93 deletions.
diff --git a/...thub_repository/accurics.gcp.IAM.145.json → ...github_repository/AC-GC-IA-GR-M-0001.json b/...thub_repository/accurics.gcp.IAM.145.json → ...github_repository/AC-GC-IA-GR-M-0001.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Repository is Not Private.",
-    "reference_id": "accurics.gcp.IAM.145",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-GR-M-0001",
+    "category": "Identity and Access Management",
     "version": 1
 }
diff --git a/...igquery_dataset/accurics.gcp.IAM.106.json → ..._bigquery_dataset/AC-GC-IA-BQ-H-0002.json b/...igquery_dataset/accurics.gcp.IAM.106.json → ..._bigquery_dataset/AC-GC-IA-BQ-H-0002.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "BigQuery datasets may be anonymously or publicly accessible.",
-    "reference_id": "accurics.gcp.IAM.106",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-BQ-H-0002",
+    "category": "Identity and Access Management",
     "version": 1
 }
diff --git a/...le_compute_disk/accurics.gcp.EKM.131.json → ...ogle_compute_disk/AC-GC-DP-CD-M-0003.json b/...le_compute_disk/accurics.gcp.EKM.131.json → ...ogle_compute_disk/AC-GC-DP-CD-M-0003.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) .",
-    "reference_id": "accurics.gcp.EKM.131",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-DP-CD-M-0003",
+    "category": "Data Protection",
     "version": 1
 }
diff --git a/...ompute_instance/accurics.gcp.EKM.132.json → ..._compute_instance/AC-GC-DP-CI-M-0196.json b/...ompute_instance/accurics.gcp.EKM.132.json → ..._compute_instance/AC-GC-DP-CI-M-0196.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "VM disks attached to a compute instance should be encrypted with Customer Supplied Encryption Keys (CSEK) .",
-    "reference_id": "accurics.gcp.EKM.132",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-DP-CI-M-0196",
+    "category": "Data Protection",
     "version": 1
 }
diff --git a/...ompute_instance/accurics.gcp.IAM.124.json → ..._compute_instance/AC-GC-IA-CI-M-0191.json b/...ompute_instance/accurics.gcp.IAM.124.json → ..._compute_instance/AC-GC-IA-CI-M-0191.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Instances may have been configured to use the default service account with full access to all Cloud APIs",
-    "reference_id": "accurics.gcp.IAM.124",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CI-M-0191",
+    "category": "Identity and Access Management",
     "version": 1
 }
diff --git a/...ompute_instance/accurics.gcp.IAM.128.json → ..._compute_instance/AC-GC-IA-CI-M-0193.json b/...ompute_instance/accurics.gcp.IAM.128.json → ..._compute_instance/AC-GC-IA-CI-M-0193.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that no instance in the project overrides the project setting for enabling OSLogin",
-    "reference_id": "accurics.gcp.IAM.128",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CI-M-0193",
+    "category": "Identity and Access Management",
     "version": 1
 }
diff --git a/...compute_instance/accurics.gcp.NS.125.json → ..._compute_instance/AC-GC-IS-CI-H-0190.json b/...compute_instance/accurics.gcp.NS.125.json → ..._compute_instance/AC-GC-IS-CI-H-0190.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Instances may have been configured to use the default service account with full access to all Cloud APIs",
-    "reference_id": "accurics.gcp.NS.125",
-    "category": "Access Control",
+    "reference_id": "AC-GC-IS-CI-H-0190",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...compute_instance/accurics.gcp.NS.126.json → ..._compute_instance/AC-GC-IS-CI-M-0192.json b/...compute_instance/accurics.gcp.NS.126.json → ..._compute_instance/AC-GC-IS-CI-M-0192.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure 'Block Project-wide SSH keys' is enabled for VM instances.",
-    "reference_id": "accurics.gcp.NS.126",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CI-M-0192",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...compute_instance/accurics.gcp.NS.129.json → ..._compute_instance/AC-GC-IS-CI-M-0194.json b/...compute_instance/accurics.gcp.NS.129.json → ..._compute_instance/AC-GC-IS-CI-M-0194.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure 'Enable connecting to serial ports' is not enabled for VM instances.",
-    "reference_id": "accurics.gcp.NS.129",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CI-M-0194",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...compute_instance/accurics.gcp.NS.130.json → ..._compute_instance/AC-GC-IS-CI-M-0195.json b/...compute_instance/accurics.gcp.NS.130.json → ..._compute_instance/AC-GC-IS-CI-M-0195.json
@@ -8,7 +8,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure IP forwarding is not enabled on Instances.",
-    "reference_id": "accurics.gcp.NS.130",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CI-M-0195",
+    "category": "Infrastructure Security",
     "version": 1
-}
+}
diff --git a/...compute_instance/accurics.gcp.NS.133.json → ..._compute_instance/AC-GC-IS-CI-M-0197.json b/...compute_instance/accurics.gcp.NS.133.json → ..._compute_instance/AC-GC-IS-CI-M-0197.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure Compute instances are launched with Shielded VM enabled.",
-    "reference_id": "accurics.gcp.NS.133",
-    "category": "Network Security ",
+    "reference_id": "AC-GC-IS-CI-M-0197",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...pute_ssl_policy/accurics.gcp.EKM.134.json → ...ompute_ssl_policy/AC-GC-IS-CP-M-0198.json b/...pute_ssl_policy/accurics.gcp.EKM.134.json → ...ompute_ssl_policy/AC-GC-IS-CP-M-0198.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites.",
-    "reference_id": "accurics.gcp.EKM.134",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-IS-CP-M-0198",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...pute_subnetwork/accurics.gcp.LOG.118.json → ...ompute_subnetwork/AC-GC-LM-CS-M-0199.json b/...pute_subnetwork/accurics.gcp.LOG.118.json → ...ompute_subnetwork/AC-GC-LM-CS-M-0199.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network.",
-    "reference_id": "accurics.gcp.LOG.118",
-    "category": "Logging ",
+    "reference_id": "AC-GC-LM-CS-M-0199",
+    "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/...ntainer_cluster/accurics.gcp.OPS.115.json → ...container_cluster/AC-GC-CV-CC-H-0207.json b/...ntainer_cluster/accurics.gcp.OPS.115.json → ...container_cluster/AC-GC-CV-CC-H-0207.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Cluster is created with Alias IP ranges enabled",
-    "reference_id": "accurics.gcp.OPS.115",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-CV-CC-H-0207",
+    "category": "Compliance Validation",
     "version": 1
 }
diff --git a/...ntainer_cluster/accurics.gcp.OPS.116.json → ...container_cluster/AC-GC-CV-CC-H-0210.json b/...ntainer_cluster/accurics.gcp.OPS.116.json → ...container_cluster/AC-GC-CV-CC-H-0210.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.OPS.116",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-CV-CC-H-0210",
+    "category": "Compliance Validation",
     "version": 1
 }
diff --git a/...ntainer_cluster/accurics.gcp.OPS.113.json → ...container_cluster/AC-GC-CV-CC-H-0213.json b/...ntainer_cluster/accurics.gcp.OPS.113.json → ...container_cluster/AC-GC-CV-CC-H-0213.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Clusters are configured with Labels.",
-    "reference_id": "accurics.gcp.OPS.113",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-CV-CC-H-0213",
+    "category": "Compliance Validation",
     "version": 1
 }
diff --git a/...ntainer_cluster/accurics.gcp.IAM.142.json → ...container_cluster/AC-GC-IA-CC-H-0204.json b/...ntainer_cluster/accurics.gcp.IAM.142.json → ...container_cluster/AC-GC-IA-CC-H-0204.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Legacy Authorization is set to disabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.IAM.142",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CC-H-0204",
+    "category": "Identity and Access Management",
     "version": 1
 }
diff --git a/...ntainer_cluster/accurics.gcp.IAM.104.json → ...container_cluster/AC-GC-IA-CC-H-0208.json b/...ntainer_cluster/accurics.gcp.IAM.104.json → ...container_cluster/AC-GC-IA-CC-H-0208.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Cluster is created with Client Certificate disabled.",
-    "reference_id": "accurics.gcp.IAM.104",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CC-H-0208",
+    "category": "Identity and Access Management",
     "version": 1
-}
+}
diff --git a/...ntainer_cluster/accurics.gcp.IAM.110.json → ...container_cluster/AC-GC-IA-CC-H-0211.json b/...ntainer_cluster/accurics.gcp.IAM.110.json → ...container_cluster/AC-GC-IA-CC-H-0211.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure GKE basic auth is disabled.",
-    "reference_id": "accurics.gcp.IAM.110",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-CC-H-0211",
+    "category": "Identity and Access Management",
     "version": 1
 }
diff --git a/...ontainer_cluster/accurics.gcp.NS.112.json → ...container_cluster/AC-GC-IS-CC-H-0205.json b/...ontainer_cluster/accurics.gcp.NS.112.json → ...container_cluster/AC-GC-IS-CC-H-0205.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Master Authentication is set to enabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.NS.112",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CC-H-0205",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...ontainer_cluster/accurics.gcp.NS.103.json → ...container_cluster/AC-GC-IS-CC-H-0206.json b/...ontainer_cluster/accurics.gcp.NS.103.json → ...container_cluster/AC-GC-IS-CC-H-0206.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Network policy is enabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.NS.103",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CC-H-0206",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...ontainer_cluster/accurics.gcp.NS.109.json → ...container_cluster/AC-GC-IS-CC-H-0209.json b/...ontainer_cluster/accurics.gcp.NS.109.json → ...container_cluster/AC-GC-IS-CC-H-0209.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure GKE Control Plane is not public.",
-    "reference_id": "accurics.gcp.NS.109",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CC-H-0209",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...ontainer_cluster/accurics.gcp.NS.117.json → ...container_cluster/AC-GC-IS-CC-H-0212.json b/...ontainer_cluster/accurics.gcp.NS.117.json → ...container_cluster/AC-GC-IS-CC-H-0212.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Kubernetes Cluster is created with Private cluster enabled.",
-    "reference_id": "accurics.gcp.NS.117",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-CC-H-0212",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...ntainer_cluster/accurics.gcp.LOG.100.json → ...container_cluster/AC-GC-LM-CC-H-0202.json b/...ntainer_cluster/accurics.gcp.LOG.100.json → ...container_cluster/AC-GC-LM-CC-H-0202.json
@@ -7,7 +7,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure Stackdriver Logging is enabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.LOG.100",
-    "category": "Logging",
+    "reference_id": "AC-GC-LM-CC-H-0202",
+    "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/...ntainer_cluster/accurics.gcp.MON.143.json → ...container_cluster/AC-GC-LM-CC-H-0203.json b/...ntainer_cluster/accurics.gcp.MON.143.json → ...container_cluster/AC-GC-LM-CC-H-0203.json
@@ -7,7 +7,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure Stackdriver Monitoring is enabled on Kubernetes Engine Clusters.",
-    "reference_id": "accurics.gcp.MON.143",
-    "category": "Monitoring",
+    "reference_id": "AC-GC-LM-CC-H-0203",
+    "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/...ainer_node_pool/accurics.gcp.OPS.114.json → ...ntainer_node_pool/AC-GC-CV-CN-H-0216.json b/...ainer_node_pool/accurics.gcp.OPS.114.json → ...ntainer_node_pool/AC-GC-CV-CN-H-0216.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image.",
-    "reference_id": "accurics.gcp.OPS.114",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-CV-CN-H-0216",
+    "category": "Compliance Validation",
     "version": 1
 }
diff --git a/...ainer_node_pool/accurics.gcp.OPS.101.json → ...ntainer_node_pool/AC-GC-SP-CN-H-0215.json b/...ainer_node_pool/accurics.gcp.OPS.101.json → ...ntainer_node_pool/AC-GC-SP-CN-H-0215.json
@@ -7,7 +7,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure 'Automatic node upgrade' is enabled for Kubernetes Clusters.",
-    "reference_id": "accurics.gcp.OPS.101",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-SP-CN-H-0215",
+    "category": "Security Best Practices",
     "version": 1
 }
diff --git a/...ainer_node_pool/accurics.gcp.OPS.144.json → ...ntainer_node_pool/AC-GC-SP-CN-M-0217.json b/...ainer_node_pool/accurics.gcp.OPS.144.json → ...ntainer_node_pool/AC-GC-SP-CN-M-0217.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure 'Automatic node repair' is enabled for Kubernetes Clusters.",
-    "reference_id": "accurics.gcp.OPS.144",
-    "category": "Operational Efficiency",
+    "reference_id": "AC-GC-SP-CN-M-0217",
+    "category": "Security Best Practices",
     "version": 1
 }
diff --git a/...dns_managed_zone/accurics.gcp.NS.107.json → ..._dns_managed_zone/AC-GC-IS-DZ-H-0218.json b/...dns_managed_zone/accurics.gcp.NS.107.json → ..._dns_managed_zone/AC-GC-IS-DZ-H-0218.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that DNSSEC is enabled for Cloud DNS.",
-    "reference_id": "accurics.gcp.NS.107",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-DZ-H-0218",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...ns_managed_zone/accurics.gcp.EKM.108.json → ..._dns_managed_zone/AC-GC-IS-DZ-H-0219.json b/...ns_managed_zone/accurics.gcp.EKM.108.json → ..._dns_managed_zone/AC-GC-IS-DZ-H-0219.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC.",
-    "reference_id": "accurics.gcp.EKM.108",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-IS-DZ-H-0219",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/..._kms_crypto_key/accurics.gcp.EKM.007.json → ...le_kms_crypto_key/AC-GC-SP-KC-H-0220.json b/..._kms_crypto_key/accurics.gcp.EKM.007.json → ...le_kms_crypto_key/AC-GC-SP-KC-H-0220.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure Encryption keys are rotated within a period of 365 days.",
-    "reference_id": "accurics.gcp.EKM.007",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-SP-KC-H-0220",
+    "category": "Security Best Practices",
     "version": 1
 }
diff --git a/..._kms_crypto_key/accurics.gcp.EKM.139.json → ...le_kms_crypto_key/AC-GC-SP-KC-M-0221.json b/..._kms_crypto_key/accurics.gcp.EKM.139.json → ...le_kms_crypto_key/AC-GC-SP-KC-M-0221.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure Encryption keys are rotated within a period of 90 days.",
-    "reference_id": "accurics.gcp.EKM.139",
-    "category": "Encryption \u0026 Key Management",
+    "reference_id": "AC-GC-SP-KC-M-0221",
+    "category": "Security Best Practices",
     "version": 1
 }
diff --git a/...p/google_project/accurics.gcp.NS.119.json → ...cp/google_project/AC-GC-IS-PR-M-0222.json b/...p/google_project/accurics.gcp.NS.119.json → ...cp/google_project/AC-GC-IS-PR-M-0222.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that the default network does not exist in a project.",
-    "reference_id": "accurics.gcp.NS.119",
-    "category": "Network Security",
+    "reference_id": "AC-GC-IS-PR-M-0222",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...am_audit_config/accurics.gcp.LOG.010.json → ..._iam_audit_config/AC-GC-LM-PA-H-0223.json b/...am_audit_config/accurics.gcp.LOG.010.json → ..._iam_audit_config/AC-GC-LM-PA-H-0223.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that Cloud Audit Logging is configured properly across all services and all users from a project.",
-    "reference_id": "accurics.gcp.LOG.010",
-    "category": "Logging",
+    "reference_id": "AC-GC-LM-PA-H-0223",
+    "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/...ect_iam_binding/accurics.gcp.IAM.150.json → ...oject_iam_binding/AC-GC-IA-PB-H-0224.json b/...ect_iam_binding/accurics.gcp.IAM.150.json → ...oject_iam_binding/AC-GC-IA-PB-H-0224.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure that corporate login credentials are used instead of Gmail accounts.",
-    "reference_id": "accurics.gcp.IAM.150",
+    "reference_id": "AC-GC-IA-PB-H-0224",
     "category": "Identity and Access Management",
     "version": 1
 }
diff --git a/...ect_iam_binding/accurics.gcp.IAM.136.json → ...oject_iam_binding/AC-GC-IA-PB-M-0225.json b/...ect_iam_binding/accurics.gcp.IAM.136.json → ...oject_iam_binding/AC-GC-IA-PB-M-0225.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level.",
-    "reference_id": "accurics.gcp.IAM.136",
-    "category": "Identity \u0026 Access Management",
+    "reference_id": "AC-GC-IA-PB-M-0225",
+    "category": "Identity and Access Management",
     "version": 1
 }