Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0550Ensure actions '*' and resource '*' are not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AZURE_0157Ensure that pod security policy is enabled for Azure Kubernetes ClusterAzureConfiguration and Vulnerability Analysis
HIGH
AC_AZURE_0278Ensure HTTP is disallowed for Azure CDN EndpointAzureInfrastructure Security
MEDIUM
AC_AWS_0145Ensure that full access to edit IAM Policies is restrictedAWSIdentity and Access Management
HIGH
AC_AZURE_0329Ensure custom script extensions are not used in Azure Linux Virtual MachineAzureData Protection
MEDIUM
AC_K8S_0087Minimize the admission of root containersKubernetesIdentity and Access Management
HIGH
AC_AWS_0604Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_GCP_0282Ensure That Compute Instances Do Not Have Public IP AddressesGCPInfrastructure Security
MEDIUM
AC_AWS_0004Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration dateAWSInfrastructure Security
MEDIUM
AC_AWS_0006Ensure Amazon Machine Image (AMI) is not shared among multiple accountsAWSInfrastructure Security
MEDIUM
AC_AWS_0018Ensure encryption is enabled for AWS Athena QueryAWSData Protection
MEDIUM
AC_AWS_0070Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instancesAWSSecurity Best Practices
MEDIUM
AC_AWS_0109Ensure latest version of elasticsearch engine is used for AWS ElasticSearch DomainsAWSCompliance Validation
MEDIUM
AC_AWS_0112Ensure encryption at-rest is enabled for AWS ElasticSearch DomainsAWSData Protection
HIGH
AC_AWS_0114Ensure node-to-node encryption is enabled for AWS ElasticSearch DomainsAWSData Protection
MEDIUM
AC_AWS_0178Ensure customer owned KMS key is used for encrypting AWS MQ BrokersAWSData Protection
HIGH
AC_AWS_0451Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log GroupAWSData Protection
HIGH
AC_AWS_0460Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery StreamAWSData Protection
HIGH
AC_AZURE_0134Ensure that minimum TLS version is set to 1.2 for Azure MSSQL ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0224Ensure latest TLS/SSL version is in use for Azure API ManagementAzureInfrastructure Security
MEDIUM
AC_AZURE_0360Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_GCP_0016Ensure container-optimized OS (COS) is used for Google Container Node PoolGCPCompliance Validation
LOW
AC_GCP_0289Ensure cloud instance snapshots are encrypted through Google Compute SnapshotGCPData Protection
MEDIUM
AC_AZURE_0214Ensure Azure Keyvaults are used to store secretsAzureData Protection
LOW
AC_AZURE_0356Ensure every subnet block is configured with a Network Security Group in Azure Virtual NetworkAzureInfrastructure Security
MEDIUM
AC_AZURE_0385Ensure that standard pricing tiers are selected in Azure Security Center Subscription PricingAzureSecurity Best Practices
MEDIUM
AC_GCP_0233Ensure logging is enabled for Google Cloud Storage BucketsGCPLogging and Monitoring
LOW
AC_AWS_0386Ensure that inline policy does not expose secrets in AWS Secrets ManagerAWSSecurity Best Practices
HIGH
AC_AWS_0019Ensure there is no policy with Empty array ActionAWSIdentity and Access Management
LOW
AC_AWS_0223Ensure 'allow getAcl actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0224Ensure 'allow putAcl actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AZURE_0121Ensure HTTPS is enabled for Azure Windows Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0125Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0354Ensure that VPN Encryption is enabled for Azure Virtual WANAzureInfrastructure Security
MEDIUM
S3_AWS_0013Ensure there are no world-writeable AWS S3 Buckets - Terraform Version 1.xAWSIdentity and Access Management
HIGH
S3_AWS_0014Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.xAWSIdentity and Access Management
HIGH
AC_AWS_0044Ensure 'password policy' is enabled - at least 1 lower case characterAWSIdentity and Access Management
MEDIUM
AC_AWS_0075Ensure deletion protection is enabled for AWS DocumentDB ClustersAWSLogging and Monitoring
MEDIUM
AC_AWS_0117Ensure latest TLS version is used for AWS ElasticSearch NodesAWSInfrastructure Security
MEDIUM
AC_AWS_0154Ensure IMDSv1 is disabled for AWS EC2 instancesAWSInfrastructure Security
HIGH
AC_AWS_0367Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway VolumesAWSSecurity Best Practices
HIGH
AC_AWS_0375Ensure server-side encryption (SSE) is enforced for AWS DynamoDB tablesAWSData Protection
MEDIUM
AC_AWS_0376Ensure server side encryption (SSE) is using a customer-managed KMS Key for AWS DynamoDB tablesAWSData Protection
HIGH
AC_AWS_0379Ensure all data stored is encrypted in-transit for AWS Elasticache Replication GroupAWSData Protection
HIGH
AC_AWS_0380Ensure all data stored is encrypted in-transit and has auth token for authentication for AWS Elasticache Replication GroupAWSData Protection
HIGH
AC_AWS_0423Ensure SSL is enforced for parameter groups associated with AWS Redshift clustersAWSInfrastructure Security
MEDIUM
AC_AWS_0463Ensure Transit Encryption is enabled for Amazon Elastic Container Service (ECS) Task Definition using Elastic File System (EFS) VolumesAWSInfrastructure Security
MEDIUM
AC_AWS_0576Ensure private subnets are not used to deploy AWS NAT GatewaysAWSData Protection
HIGH
AC_AZURE_0095Ensure TLS 1.2 or greater is used for IoT HubAzureInfrastructure Security
HIGH
AC_AZURE_0151Ensure LinuxDiagnostic is enabled for Azure Linux Virtual Machine Scale SetAzureCompliance Validation
MEDIUM