Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0404Ensure Principal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0405Ensure NotPrincipal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0410Ensure wildcards(*) are only at end of strings in Action of AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0425Ensure root access is disabled for AWS SageMaker Notebook instancesAWSSecurity Best Practices
HIGH
AC_AWS_0433Ensure cloud users don't have any direct permissions in AWS IAM User Policy AttachmentAWSIdentity and Access Management
MEDIUM
AC_AWS_0436Ensure automatic backups are enabled for AWS Elasticache ClusterAWSData Protection
MEDIUM
AC_AWS_0478Ensure that IP range is specified in CIDR format for AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0479Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS)AWSIdentity and Access Management
LOW
AC_AWS_0482Ensure there is no policy with invalid principal key for AWS S3 Bucket policyAWSIdentity and Access Management
LOW
AC_AWS_0489Ensure Creation of SLR with NotResource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0495Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AZURE_0115Ensure that authentication feature is enabled for Azure Linux Function AppAzureSecurity Best Practices
LOW
AC_AZURE_0139Ensure regular backups are enabled for Azure MariaDB ServerAzureResilience
MEDIUM
AC_AZURE_0253Ensure system-assigned managed identity authentication is used for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AZURE_0290Ensure that Azure policies add-on are used for Azure Kubernetes ClusterAzureSecurity Best Practices
MEDIUM
AC_AZURE_0362Ensure boot diagnostics are enabled for Azure Virtual MachineAzureLogging and Monitoring
MEDIUM
AC_AZURE_0550Ensure disk encryption is enabled for Azure Windows Virtual MachineAzureData Protection
MEDIUM
AC_GCP_0022Ensure PodSecurityPolicy controller is enabled on Google Container ClusterGCPCompliance Validation
HIGH
AC_GCP_0274Ensure OSLogin is enabled for centralized SSH key pair management using Google ProjectGCPIdentity and Access Management
MEDIUM
AC_GCP_0275Ensure multi-factor authentication is enabled for Google Compute Project MetadataGCPSecurity Best Practices
LOW
AC_AWS_0607Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_GCP_0236Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_access_controlGCPInfrastructure Security
MEDIUM
AC_K8S_0023Ensure that the admission control plugin ServiceAccount is setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0036Ensure that the --service-account-lookup argument is set to trueKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0052Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
LOW
AC_AWS_0646Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_AZURE_0559Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' RequestsAzureData Protection
MEDIUM
AC_AWS_0603Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) InstanceAWSCompliance Validation
MEDIUM
AC_K8S_0116Ensure Kubernetes Network policy attached to a pod have Ingress/Egress blocks specifiedKubernetesInfrastructure Security
MEDIUM
AC_K8S_0093Ensure that the --kubelet-certificate-authority argument is set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0128Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'AzureData Protection
MEDIUM
AC_AZURE_0246Ensure that 'Java version' is the latest, if used to run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0033Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriateKubernetesLogging and Monitoring
MEDIUM
AC_AWS_0597Ensure MFA is enabled for the 'root' user accountAWSCompliance Validation
HIGH
AC_AWS_0609Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0226Ensure secrets should be auto-rotated after not more than 90 daysAWSCompliance Validation
HIGH
AC_AWS_0470Ensure cloud users don't have any direct permissions in AWS IAM User PolicyAWSIdentity and Access Management
MEDIUM
AC_AZURE_0416Ensure that traffic analytics is enabled via Azure Network Watcher Flow LogAzureSecurity Best Practices
MEDIUM
AC_AZURE_0418Ensure that Network Watcher is 'Enabled'AzureLogging and Monitoring
HIGH
AC_GCP_0038Ensure default setting for OSLogin is not overridden by Google Compute InstanceGCPIdentity and Access Management
LOW
AC_AWS_0134Ensure password policy requires at least one lowercase character for AWS IAM Account Password PolicyAWSCompliance Validation
LOW
AC_AZURE_0216Ensure that a 'Diagnostics Setting' existsAzureLogging and Monitoring
MEDIUM
AC_AZURE_0324Ensure that Microsoft Defender for Container Registries is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0331Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selectedAzureCompliance Validation
MEDIUM
AC_K8S_0030Ensure that the --profiling argument is set to falseKubernetesLogging and Monitoring
MEDIUM
AC_K8S_0042Ensure that the --encryption-provider-config argument is set as appropriateKubernetesData Protection
MEDIUM
AC_AZURE_0552Enable Role Based Access Control for Azure Key VaultAzureData Protection
LOW
AC_AZURE_0169Ensure that logging for Azure KeyVault is 'Enabled'AzureLogging and Monitoring
HIGH
AC_K8S_0021Ensure that the admission control plugin AlwaysPullImages is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0026Ensure that the admission control plugin NodeRestriction is setKubernetesIdentity and Access Management
MEDIUM