Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0633Ensure that IAM Access analyzer is enabled for all regionsAWSInfrastructure Security
MEDIUM
AC_AWS_0001Ensure AWS ACM only has certificates with single domain names, and none with wildcard domain namesAWSCompliance Validation
LOW
AC_AWS_0009Ensure stage cache have encryption enabled for AWS API Gateway Method SettingsAWSLogging and Monitoring
MEDIUM
AC_AWS_0021Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacksAWSSecurity Best Practices
MEDIUM
AC_AWS_0022Ensure termination protection is enabled for AWS CloudFormation StackAWSSecurity Best Practices
MEDIUM
AC_AWS_0024Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR)AWSIdentity and Access Management
LOW
AC_AWS_0028Ensure IAM policies with wildcard (*) resource and NotAction are not attached or usedAWSIdentity and Access Management
HIGH
AC_AWS_0029Ensure correct key format is used for condition in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0033Ensure CloudTrail logs are encrypted at rest using KMS CMKsAWSLogging and Monitoring
HIGH
AC_AWS_0036Ensure CloudTrail log file validation is enabledAWSLogging and Monitoring
MEDIUM
AC_AWS_0038Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AWS_0039Ensure data events logging is enabled for AWS CloudTrail trailsAWSLogging and Monitoring
MEDIUM
AC_AWS_0043Ensure temporary passwords are not valid for more than 90 daysAWSIdentity and Access Management
MEDIUM
AC_AWS_0048Ensure Elastic Block Store (EBS) volumes are encrypted through AWS ConfigAWSData Protection
MEDIUM
AC_AWS_0060Ensure that Multi-AZ is enabled for Amazon Relational Database Service (Amazon RDS) InstancesAWSCompliance Validation
MEDIUM
AC_AWS_0063Ensure delete protection is enabled for Amazon Relational Database Service (Amazon RDS) InstancesAWSResilience
MEDIUM
AC_AWS_0065Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hostsAWSInfrastructure Security
HIGH
AC_AWS_0066Ensure Amazon Relational Database Service (Amazon RDS) instances do not have public interface definedAWSInfrastructure Security
HIGH
AC_AWS_0072Ensure backup retention period is set according to best practice for AWS DocumentDB clustersAWSData Protection
MEDIUM
AC_AWS_0073Ensure KMS customer managed keys are used for encryption of AWS DocumentDB ClustersAWSData Protection
MEDIUM
AC_AWS_0074Ensure log export is enabled for AWS DocumentDB clustersAWSLogging and Monitoring
MEDIUM
AC_AWS_0077Ensure read-write capacities are reserved for AWS DynamoDB tablesAWSCompliance Validation
MEDIUM
AC_AWS_0080Ensure EBS volume encryption is enabledAWSData Protection
HIGH
AC_AWS_0083Ensure scan on push is enabled on Amazon Elastic Container Registry (Amazon ECR) repositoryAWSConfiguration and Vulnerability Analysis
MEDIUM
AC_AWS_0100Ensure control plane logging is enabled for all log types for AWS Elastic Kubernetes Service (EKS) clustersAWSLogging and Monitoring
MEDIUM
AC_AWS_0102Ensure redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clustersAWSCompliance Validation
HIGH
AC_AWS_0103Ensure memcached elasticache engines are not in use in AWS PCI-DSS environments for AWS ElastiCache clustersAWSCompliance Validation
HIGH
AC_AWS_0107Ensure dedicated master nodes are enabled for AWS ElasticSearch DomainsAWSLogging and Monitoring
MEDIUM
AC_AWS_0108Ensure general purpose SSD node type is not used for AWS ElasticSearch DomainsAWSCompliance Validation
HIGH
AC_AWS_0115Ensure HTTPS-only is enforced for AWS ElasticSearch DomainAWSInfrastructure Security
MEDIUM
AC_AWS_0118Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policyAWSIdentity and Access Management
HIGH
AC_AWS_0122Ensure connection draining is enabled for AWS ELBAWSResilience
MEDIUM
AC_AWS_0135Ensure IAM password policy requires at least one uppercase letterAWSCompliance Validation
MEDIUM
AC_AWS_0140Ensure IAM password policy prevents password reuseAWSCompliance Validation
LOW
AC_AWS_0144Ensure IAM policies that allow full "*:*" administrative privileges are not attachedAWSIdentity and Access Management
HIGH
AC_AWS_0146Ensure IAM policies that allow full administrative privileges are not created and attached inline to a roleAWSIdentity and Access Management
HIGH
AC_AWS_0149Ensure no user can assume the role without MFA is specified in the condition parameter of AWS IAM User PolicyAWSCompliance Validation
LOW
AC_AWS_0156Ensure cross-zone load balancing is enabled for AWS LB (Load Balancer)AWSResilience
MEDIUM
AC_AWS_0166Ensure at-rest data encryption is enabled for AWS ECS clustersAWSData Protection
LOW
AC_AWS_0167Ensure at-rest data encryption is enabled for AWS EBS Root Block clusterAWSData Protection
HIGH
AC_AWS_0169Ensure there are no URL references used in base64 encoded value of AWS Launch ConfigurationAWSData Protection
HIGH
AC_AWS_0172Ensure recommended SSL/TLS protocol version is used for AWS Elastic Load Balancers (ELB)AWSInfrastructure Security
HIGH
AC_AWS_0173Ensure a default root object is configured for AWS Cloudfront DistributionAWSInfrastructure Security
MEDIUM
AC_AWS_0176Ensure active/standby deployment mode is used for AWS MQ BrokersAWSResilience
MEDIUM
AC_AWS_0182Ensure storage encryption is enabled for AWS Neptune clusterAWSData Protection
HIGH
AC_AWS_0185Ensure external principals are allowed for AWS RAM resourcesAWSData Protection
MEDIUM
AC_AWS_0189Ensure Aurora Serverless AutoPause is enabled for Amazon Relational Database Service (Amazon RDS) clustersAWSCompliance Validation
MEDIUM
AC_AWS_0195Ensure policy with iam:Passrole/* action and NotResource attributes is not usedAWSIdentity and Access Management
HIGH
AC_AWS_0213Ensure IAM policies that allow full "*:*" administrative privileges are not attached with control towerAWSIdentity and Access Management
LOW
AC_AWS_0217Ensure 'allow all actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH