Tenable Cloud Security Policies

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0603 | Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) Instance | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
| AC_AWS_0605 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0606 | Ensure MFA Delete is enabled on S3 buckets | AWS | Security Best Practices | HIGH |
| AC_AWS_0607 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
| AC_AWS_0608 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0610 | Ensure no security groups allow ingress from ::/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0611 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0612 | Ensure VPC flow logging is enabled in all VPCs | AWS | Logging and Monitoring | LOW |
| AC_AWS_0613 | Ensure AWS Lambda function is configured with a Dead Letter Queue | AWS | Logging and Monitoring | LOW |
| AC_AWS_0614 | Ensure AWS Lambda Functions have associated tags | AWS | Compliance Validation | LOW |
| AC_AWS_0615 | Ensure AWS Lambda functions are configured to use provisioned concurrency | AWS | Resilience | LOW |
| AC_AWS_0616 | Ensure Code Signing is enabled for AWS Lambda functions | AWS | Data Protection | HIGH |
| AC_AWS_0618 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0620 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
| AC_AWS_0626 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0627 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0628 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0631 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0632 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0633 | Ensure that IAM Access analyzer is enabled for all regions | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0634 | Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | AWS | Compliance Validation | HIGH |
| AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
| AC_AZURE_0001 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0002 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
| AC_AZURE_0003 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0019 | Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0021 | Ensure Soft Delete is Enabled for Azure Containers and Blob Storage | Azure | Data Protection | MEDIUM |
| AC_AZURE_0025 | Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0028 | Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0036 | Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key | Azure | Data Protection | MEDIUM |
| AC_AZURE_0038 | Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0039 | Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0040 | Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0045 | Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0046 | Ensure 'Additional email addresses' is Configured with a Security Contact Email | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0047 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0048 | Ensure That 'Notify about alerts with the following severity' is Set to 'High' | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0053 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0058 | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Azure | Resilience | MEDIUM |
| AC_AZURE_0059 | Ensure that HTTP(S) access from the Internet is evaluated and restricted | Azure | Infrastructure Security | LOW |
| AC_AZURE_0060 | Ensure that UDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0061 | Ensure that SSH access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0062 | Ensure that RDP access from the Internet is evaluated and restricted | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0066 | Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
| AC_AZURE_0069 | Ensure that Activity Log Alert exists for Create or Update Public IP Address rule | Azure | Logging and Monitoring | MEDIUM |