Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0388Ensure field-level encryption is enabled for AWS CloudFront distributionAWSData Protection
MEDIUM
AC_AWS_0390Ensure origin access identity is enabled for AWS CloudFront distributions with S3 originAWSIdentity and Access Management
MEDIUM
AC_AWS_0391Ensure 'public IP on launch' is not enabled for AWS SubnetsAWSInfrastructure Security
MEDIUM
AC_AWS_0393Ensure automated backup using EFS Backup policy is enabled for AWS Elastic File System (EFS)AWSResilience
MEDIUM
AC_AWS_0396Ensure requests greater than 8 KB are blocked by AWS Web Application FirewallAWSSecurity Best Practices
HIGH
AC_AWS_0401Ensure encryption at rest is enabled for AWS Backup VaultAWSInfrastructure Security
MEDIUM
AC_AWS_0402Ensure wildcards(*) are not used in IAM policies for AWS Backup Vault PolicyAWSInfrastructure Security
MEDIUM
AC_AWS_0413Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP addressAWSIdentity and Access Management
LOW
AC_AWS_0424Ensure direct access from the internet is disabled for AWS SageMaker Notebook instancesAWSData Protection
HIGH
AC_AWS_0426Ensure that initial login requires password reset for AWS IAM UsersAWSCompliance Validation
HIGH
AC_AWS_0432Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_AWS_0435Ensure access logging is enabled for AWS LB (Load Balancer)AWSLogging and Monitoring
MEDIUM
AC_AWS_0438Ensure that there are no orphan in AWS IAM groupsAWSCompliance Validation
LOW
AC_AWS_0440Ensure deletion protection is enabled for AWS LB (Load Balancer)AWSInfrastructure Security
MEDIUM
AC_AWS_0446Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AWS_0466Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repositoryAWSIdentity and Access Management
MEDIUM
AC_AWS_0471Ensure correct combination of JSON policy elements is used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0474Ensure global condition key is not used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0485Ensure there is no policy with an invalid principal format for Amazon Simple Queue Service (SQS) TopicAWSIdentity and Access Management
LOW
AC_AWS_0493Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0496Ensure IAM Policies were not configured with versions in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0498Ensure there is no IAM policy with invalid condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0501Ensure Adding a valid base64-encoded string value for the condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0502Ensure valid account number format is used in Amazon Simple Notification Service (SNS) TopicAWSSecurity Best Practices
LOW
AC_AWS_0503Ensure valid account number format is used in Amazon Simple Queue Service (SQS) QueueAWSSecurity Best Practices
LOW
AC_AWS_0511Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0512Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0518Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0522Ensure Cassandra Thrift (TCP:9160) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0541Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0545Ensure environment variables do not contain any credentials in AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AWS_0549Ensure geo-restriction is enabled for AWS CloudFrontAWSInfrastructure Security
LOW
AC_AWS_0564Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKsAWSSecurity Best Practices
HIGH
AC_AWS_0567Ensure a log metric filter and alarm exist for security group changesAWSSecurity Best Practices
HIGH
AC_AWS_0574Ensure that Object-level logging for write events is enabled for S3 bucketAWSIdentity and Access Management
HIGH
AC_AWS_0577Ensure tags are defined for AWS NAT GatewaysAWSSecurity Best Practices
LOW
AC_AWS_0579Ensure multiple availability zones are used to deploy AWS NAT GatewaysAWSSecurity Best Practices
MEDIUM
AC_AWS_0604Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_AWS_0607Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_AWS_0610Ensure no security groups allow ingress from ::/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0618Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLsAWSIdentity and Access Management
MEDIUM
AC_AWS_0632Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AWS_0646Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_AWS_0002Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration dateAWSInfrastructure Security
MEDIUM
AC_AWS_0003Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration dateAWSInfrastructure Security
MEDIUM
AC_AWS_0005Ensure encryption is enabled for Amazon Machine Image (AMI)AWSInfrastructure Security
MEDIUM
AC_AWS_0008Ensure stage caching is enabled for AWS API Gateway Method SettingsAWSCompliance Validation
MEDIUM
AC_AWS_0011Ensure that the endpoint type is set to private for API Gateway Rest APIAWSInfrastructure Security
MEDIUM
AC_AWS_0020Ensure failover criteria is set for AWS Cloudfront DistributionAWSResilience
MEDIUM
AC_AWS_0023Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policyAWSIdentity and Access Management
LOW