Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0050Ensure `arn` prefix is in use for resource in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0053Ensure IAM authentication is enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
MEDIUM
AC_AWS_0119Ensure permissions are tightly controlled for AWS ElasticSearch DomainsAWSIdentity and Access Management
HIGH
AC_AWS_0183Ensure IAM database authentication has been enabled for AWS Neptune clusterAWSIdentity and Access Management
MEDIUM
AC_AWS_0388Ensure field-level encryption is enabled for AWS CloudFront distributionAWSData Protection
MEDIUM
AC_AWS_0390Ensure origin access identity is enabled for AWS CloudFront distributions with S3 originAWSIdentity and Access Management
MEDIUM
AC_AWS_0393Ensure automated backup using EFS Backup policy is enabled for AWS Elastic File System (EFS)AWSResilience
MEDIUM
AC_AWS_0401Ensure encryption at rest is enabled for AWS Backup VaultAWSInfrastructure Security
MEDIUM
AC_AWS_0402Ensure wildcards(*) are not used in IAM policies for AWS Backup Vault PolicyAWSInfrastructure Security
MEDIUM
AC_AWS_0435Ensure access logging is enabled for AWS LB (Load Balancer)AWSLogging and Monitoring
MEDIUM
AC_AWS_0466Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repositoryAWSIdentity and Access Management
MEDIUM
AC_AWS_0471Ensure correct combination of JSON policy elements is used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0474Ensure global condition key is not used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0493Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0496Ensure IAM Policies were not configured with versions in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0498Ensure there is no IAM policy with invalid condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0501Ensure Adding a valid base64-encoded string value for the condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0618Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLsAWSIdentity and Access Management
MEDIUM
AC_AZURE_0113Ensure backup is enabled using Azure Backup for Azure Linux Virtual MachinesAzureSecurity Best Practices
LOW
AC_AZURE_0375Ensure that 'Auditing' Retention is 'greater than 90 days'AzureCompliance Validation
LOW
AC_GCP_0025Ensure use of VPC-native clustersGCPCompliance Validation
HIGH
AC_GCP_0030Ensure Stackdriver Kubernetes Logging and Monitoring is EnabledGCPLogging and Monitoring
HIGH
AC_GCP_0337Ensure Cloud Asset Inventory Is EnabledGCPLogging and Monitoring
MEDIUM
AC_K8S_0090Ensure that the --basic-auth-file argument is not setKubernetesIdentity and Access Management
MEDIUM
AC_AZURE_0389Ensure resource lock enabled for Azure Resource GroupAzureIdentity and Access Management
LOW
AC_AWS_0448Ensure log retention period of at least 90 days retention period for AWS CloudWatch Log GroupAWSSecurity Best Practices
HIGH
AC_AZURE_0142Ensure CORS is tightly controlled and managed for Azure Linux Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0279Ensure notification email setting is enabled for Azure SQL Database Threat Detection PolicyAzureLogging and Monitoring
LOW
AC_AWS_0204Ensure CloudWatch logging is enabled for AWS Route53 hosted zonesAWSLogging and Monitoring
MEDIUM
AC_AWS_0214Ensure versioning is enabled for AWS S3 BucketsAWSResilience
HIGH
AC_AWS_0387Ensure that access policy does not allow anonymous access for AWS Secrets ManagerAWSSecurity Best Practices
HIGH
AC_AWS_0036Ensure CloudTrail log file validation is enabledAWSLogging and Monitoring
MEDIUM
AC_AWS_0595Ensure access keys are rotated every 90 days or lessAWSIdentity and Access Management
MEDIUM
AC_AZURE_0401Ensure that Azure Active Directory Admin is configuredAzureIdentity and Access Management
HIGH
AC_K8S_0024Ensure that the admission control plugin NamespaceLifecycle is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0065Ensure that a unique Certificate Authority is used for etcdKubernetesInfrastructure Security
MEDIUM
AC_K8S_0095Ensure that the --authorization-mode argument includes NodeKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0102Ensure impersonate access to Kubernetes resources is minimized in Kubernetes RoleKubernetesIdentity and Access Management
HIGH
AC_GCP_0358Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket LockGCPLogging and Monitoring
LOW
AC_GCP_0365Ensure API Keys Only Exist for Active ServicesGCPSecurity Best Practices
MEDIUM
S3_AWS_0003Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_AZURE_0253Ensure system-assigned managed identity authentication is used for Azure Data FactoryAzureInfrastructure Security
MEDIUM
AC_AZURE_0290Ensure that Azure policies add-on are used for Azure Kubernetes ClusterAzureSecurity Best Practices
MEDIUM
AC_AZURE_0362Ensure boot diagnostics are enabled for Azure Virtual MachineAzureLogging and Monitoring
MEDIUM
AC_AZURE_0550Ensure disk encryption is enabled for Azure Windows Virtual MachineAzureData Protection
MEDIUM
AC_GCP_0022Ensure PodSecurityPolicy controller is enabled on Google Container ClusterGCPCompliance Validation
HIGH
AC_GCP_0274Ensure OSLogin is enabled for centralized SSH key pair management using Google ProjectGCPIdentity and Access Management
MEDIUM
AC_GCP_0275Ensure multi-factor authentication is enabled for Google Compute Project MetadataGCPSecurity Best Practices
LOW
AC_AWS_0025Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR)AWSIdentity and Access Management
LOW
AC_AWS_0027Ensure there is no IAM policy with invalid partition used for resource ARNAWSIdentity and Access Management
LOW