Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0198Ensure encryption is enabled for AWS Redshift clustersAWSData Protection
MEDIUM
AC_AWS_0206Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 BucketsAWSData Protection
HIGH
AC_AWS_0275Ensure no security groups is wide open to public, that is, allows traffic from 0.0.0.0/0 to ALL ports and protocolsAWSInfrastructure Security
HIGH
AC_AWS_0207Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_AWS_0172Ensure recommended SSL/TLS protocol version is used for AWS Elastic Load Balancers (ELB)AWSInfrastructure Security
HIGH
AC_AWS_0233Ensure Cassandra Client (TCP:9042) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0508Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0523Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0524Ensure LDAP (TCP:389) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0526Ensure LDAP (TCP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0530Ensure Memcached SSL (TCP:11211) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0531Ensure Memcached SSL (TCP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0532Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0536Ensure Oracle DB (TCP:2483) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0537Ensure Oracle DB (TCP:2483) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0540Ensure Oracle DB (UDP:2483) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0186Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) InstancesAWSData Protection
HIGH
AC_AWS_0137Eliminate use of the root user for administrative and daily tasksAWSCompliance Validation
MEDIUM
AC_AWS_0589Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AZURE_0412Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_GCP_0005Ensure That Service Account Has No Admin Privileges - google_project_iam_memberGCPIdentity and Access Management
HIGH
AC_AZURE_0342Ensure that RDP access is restricted from the internetAzureInfrastructure Security
HIGH
AC_AZURE_0357Ensure that UDP Services are restricted from the InternetAzureInfrastructure Security
HIGH
AC_AWS_0212Ensure there are no publicly writeable and readable AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AZURE_0394Ensure only SSL connections are enabled for Azure Redis CacheAzureInfrastructure Security
MEDIUM
AC_AWS_0065Ensure Amazon Relational Database Service (Amazon RDS) instance is not open to more than 256 hostsAWSInfrastructure Security
HIGH
AC_AWS_0066Ensure Amazon Relational Database Service (Amazon RDS) instances do not have public interface definedAWSInfrastructure Security
HIGH
AC_AWS_0394Ensure secure ciphers are used for AWS CloudFront distributionAWSData Protection
HIGH
AC_AZURE_0248Ensure That 'PHP version' is the Latest, If Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_AZURE_0570Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0591Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_AZURE_0413Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configurationAzureLogging and Monitoring
MEDIUM
AC_GCP_0251Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on'GCPCompliance Validation
LOW
AC_AZURE_0419Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'AzureResilience
MEDIUM
AC_AWS_0042Ensure standard password policy must be followed with password at least 14 characters longAWSIdentity and Access Management
MEDIUM
AC_AZURE_0136Ensure that 'Auditing' Retention is 'greater than 90 days'AzureLogging and Monitoring
MEDIUM
AC_AWS_0596Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_AZURE_0373Ensure that 'Secure transfer required' is set to 'Enabled'AzureData Protection
HIGH
AC_GCP_0010Ensure That the Default Network Does Not Exist in a Project - google_projectGCPInfrastructure Security
LOW
AC_GCP_0234Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access EnabledGCPIdentity and Access Management
LOW
AC_GCP_0239Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_memberGCPIdentity and Access Management
HIGH
AC_GCP_0253Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'GCPCompliance Validation
LOW
AC_AWS_0632Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_GCP_0004Ensure That There Are Only GCP-Managed Service Account Keys for Each Service AccountGCPIdentity and Access Management
LOW
AC_GCP_0028Ensure Legacy Authorization (ABAC) is DisabledGCPIdentity and Access Management
HIGH
AC_AWS_0049Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AWS_0434Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AWS_0138Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_GCP_0035Ensure Compute instances are launched with Shielded VM enabledGCPInfrastructure Security
LOW
AC_AWS_0209Ensure MFA Delete is enable on S3 bucketsAWSSecurity Best Practices
HIGH