diff --git a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AC-AW-IS-CD-M-1186.json b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AC-AW-IS-CD-M-1186.json
new file mode 100644
index 000000000..10c2bb423
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AC-AW-IS-CD-M-1186.json
@@ -0,0 +1,10 @@
+{
+ "name": "noWafEnabled",
+ "file": "noWafEnabled.rego",
+ "template_args": null,
+ "severity": "Medium",
+ "description": "Ensure that cloud-front has web application firewall enabled",
+ "reference_id": "AC-AW-IS-CD-M-1186",
+ "category": "Encryption and Key Management",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/noWafEnabled.rego b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/noWafEnabled.rego
new file mode 100644
index 000000000..b35c77da7
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/noWafEnabled.rego
@@ -0,0 +1,17 @@
+package accurics
+
+noWafEnabled[retVal] {
+ cloudfront := input.aws_cloudfront_distribution[_]
+ not cloudfront.config.web_acl_id
+
+ traverse = "web_acl_id"
+ retVal := { "Id": cloudfront.id, "ReplaceType": "add", "CodeType": "attribute", "Traverse": traverse, "Attribute": traverse, "AttributeDataType": "string", "Expected": "", "Actual": null }
+}
+
+noWafEnabled[retVal] {
+ cloudfront := input.aws_cloudfront_distribution[_]
+ cloudfront.config.web_acl_id == null
+
+ traverse = "web_acl_id"
+ retVal := { "Id": cloudfront.id, "ReplaceType": "add", "CodeType": "attribute", "Traverse": traverse, "Attribute": traverse, "AttributeDataType": "string", "Expected": "", "Actual": null }
+}
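Review bot: The `category` value `Encryption and Key Management` does not match a rule whose description is about a web application firewall, which looks like it was carried over from a neighbouring policy file; a WAF control presumably belongs under whatever category the repository uses for network or application-layer protection, so it is worth checking the sibling metadata files in aws_cloudfront_distribution for the one in use. The description would also read more cleanly as `"Ensure that the CloudFront distribution has a web application firewall (WAF) enabled"`, naming the service and the acronym that the rule name noWafEnabled refers to.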
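Review bot: Neither body of noWafEnabled fires when `web_acl_id` is present but set to the empty string: `not cloudfront.config.web_acl_id` only succeeds when the attribute is undefined (a non-false defined value such as `""` is truthy in Rego), and the second body only matches an explicit `null`, so a distribution declaring `web_acl_id = ""` passes this check with no WAF attached. The remediation payload also sets `"Expected": ""`, so the suggested fix would itself produce that unflagged value; it is worth confirming what the remediation engine does with an empty Expected for an `add`. Rather than a third near-identical body, the condition can move into a small helper with three one-line bodies and the set rule reduced to a single body, which also removes the duplicated retVal literal.
```rego
no_waf(cloudfront) {
    not cloudfront.config.web_acl_id
}

no_waf(cloudfront) {
    cloudfront.config.web_acl_id == null
}

no_waf(cloudfront) {
    cloudfront.config.web_acl_id == ""
}

noWafEnabled[retVal] {
    cloudfront := input.aws_cloudfront_distribution[_]
    no_waf(cloudfront)
    # … unchanged: traverse binding and retVal literal …
}
```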