Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0374Ensure data encryption is enabled for AWS X-RayAWSData Protection
HIGH
AC_AWS_0431Ensure cloud users don't have any direct permissions in AWS IAM PolicyAWSIdentity and Access Management
MEDIUM
AC_AWS_0445Ensure policies are used for AWS CloudFormation StacksAWSSecurity Best Practices
MEDIUM
AC_AWS_0453Ensure one target group is configured to listen on HTTPS for AWS Load BalancerAWSInfrastructure Security
HIGH
AC_AWS_0462Ensure no policy is attached that may cause privilege escalation for AWS IAM Role PolicyAWSIdentity and Access Management
HIGH
AC_AWS_0465Ensure secrets are encrypted using AWS KMS key for AWS Secrets ManagerAWSData Protection
MEDIUM
AC_AWS_0469Ensure EMR cluster is Configured with Kerberos AuthenticationAWSInfrastructure Security
MEDIUM
AC_AWS_0473Ensure principal element is not empty in AWS IAM Trust PolicyAWSIdentity and Access Management
LOW
AC_AWS_0480Ensure there is no policy with invalid principal key for AWS Key Management Service (KMS)AWSIdentity and Access Management
LOW
AC_AWS_0488Ensure there is no IAM policy with invalid policy elementAWSIdentity and Access Management
LOW
AC_AWS_0490Ensure '*' in Action and NotResource is not allowed in AWS IAM Policy as this allow creation of unintended service-linked rolesAWSIdentity and Access Management
HIGH
AC_AWS_0497Ensure a valid boolean value (true or false) is used for the Bool condition operator in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0550Ensure actions '*' and resource '*' are not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AZURE_0157Ensure that pod security policy is enabled for Azure Kubernetes ClusterAzureConfiguration and Vulnerability Analysis
HIGH
AC_AZURE_0278Ensure HTTP is disallowed for Azure CDN EndpointAzureInfrastructure Security
MEDIUM
AC_AWS_0145Ensure that full access to edit IAM Policies is restrictedAWSIdentity and Access Management
HIGH
AC_AZURE_0329Ensure custom script extensions are not used in Azure Linux Virtual MachineAzureData Protection
MEDIUM
AC_K8S_0007Ensure that the --authorization-mode argument is not set to AlwaysAllowKubernetesIdentity and Access Management
HIGH
AC_K8S_0056Ensure that the RotateKubeletServerCertificate argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0064Apply Security Context to Your Pods and ContainersKubernetesInfrastructure Security
MEDIUM
AC_AWS_0140Ensure IAM password policy prevents password reuseAWSCompliance Validation
LOW
AC_AWS_0144Ensure IAM policies that allow full "*:*" administrative privileges are not attachedAWSIdentity and Access Management
HIGH
AC_AWS_0594Ensure no 'root' user account access key existsAWSIdentity and Access Management
HIGH
AC_AWS_0601Ensure hardware MFA is enabled for the 'root' user accountAWSCompliance Validation
HIGH
AC_AZURE_0214Ensure Azure Keyvaults are used to store secretsAzureData Protection
LOW
AC_AZURE_0356Ensure every subnet block is configured with a Network Security Group in Azure Virtual NetworkAzureInfrastructure Security
MEDIUM
AC_AZURE_0385Ensure that standard pricing tiers are selected in Azure Security Center Subscription PricingAzureSecurity Best Practices
MEDIUM
AC_GCP_0233Ensure logging is enabled for Google Cloud Storage BucketsGCPLogging and Monitoring
LOW
AC_AWS_0386Ensure that inline policy does not expose secrets in AWS Secrets ManagerAWSSecurity Best Practices
HIGH
AC_AWS_0160Ensure rotation for customer created CMKs is enabledAWSData Protection
HIGH
AC_AZURE_0590Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database ServerAzureResilience
MEDIUM
AC_AWS_0583Ensure CloudTrail is enabled in all regionsAWSLogging and Monitoring
MEDIUM
AC_K8S_0006Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0087Minimize the admission of root containersKubernetesIdentity and Access Management
HIGH
AC_AWS_0044Ensure 'password policy' is enabled - at least 1 lower case characterAWSIdentity and Access Management
MEDIUM
AC_AWS_0075Ensure deletion protection is enabled for AWS DocumentDB ClustersAWSLogging and Monitoring
MEDIUM
AC_AWS_0117Ensure latest TLS version is used for AWS ElasticSearch NodesAWSInfrastructure Security
MEDIUM
AC_AWS_0154Ensure IMDSv1 is disabled for AWS EC2 instancesAWSInfrastructure Security
HIGH
AC_AWS_0367Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway VolumesAWSSecurity Best Practices
HIGH
AC_AWS_0375Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tablesAWSData Protection
MEDIUM
AC_AWS_0376Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tablesAWSData Protection
HIGH
AC_AWS_0379Ensure all data stored is encrypted in-transit for AWS Elasticache Replication GroupAWSData Protection
HIGH
AC_AWS_0380Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication GroupAWSData Protection
HIGH
AC_AWS_0423Ensure SSL is enforced for parameter groups associated with AWS Redshift clustersAWSInfrastructure Security
MEDIUM
AC_AWS_0463Ensure Transit Encryption is enabled for Amazon Elastic Container Service (ECS) Task Definition using Elastic File System (EFS) VolumesAWSInfrastructure Security
MEDIUM
AC_AWS_0576Ensure private subnets are not used to deploy AWS NAT GatewaysAWSData Protection
HIGH
AC_AZURE_0095Ensure TLS 1.2 or greater is used for IoT HubAzureInfrastructure Security
HIGH
AC_AZURE_0151Ensure LinuxDiagnostic is enabled for Azure Linux Virtual Machine Scale SetAzureCompliance Validation
MEDIUM
AC_AZURE_0168Ensure access level is set to 'Read' for Azure Managed Disk SAS TokenAzureData Protection
MEDIUM
AC_AZURE_0173Ensure 'ReadOnly' cache is enabled on Data disks with read heavy operations to get higher read IOPS for Azure ImageAzureCompliance Validation
LOW