More Info:

AWS S3 buckets should not allow public READ_ACP access. Granting public “READ_ACP” access to your S3 buckets can allow everyone on the Internet to see who controls your objects. Malicious users can use this information to find S3 objects with misconfigured permissions and implement probing techniques to help them gain access to your S3 data.

Risk Level

Medium

Address

Security

Compliance Standards

PCIDSS, NIST

Triage and Remediation

Remediation

Using Console

Additional Reading: