Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_K8S_0044Ensure that the --terminated-pod-gc-threshold argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0053Ensure that the --use-service-account-credentials argument is set to trueKubernetesIdentity and Access Management
LOW
AC_AZURE_0557Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requestsAzureData Protection
MEDIUM
AC_AWS_0004Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration dateAWSInfrastructure Security
MEDIUM
AC_AWS_0006Ensure Amazon Machine Image (AMI) is not shared among multiple accountsAWSInfrastructure Security
MEDIUM
AC_AWS_0018Ensure encryption is enabled for AWS Athena QueryAWSData Protection
MEDIUM
AC_AWS_0070Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instancesAWSSecurity Best Practices
MEDIUM
AC_AWS_0109Ensure latest version of elasticsearch engine is used for AWS ElasticSearch DomainsAWSCompliance Validation
MEDIUM
AC_AWS_0112Ensure encryption at-rest is enabled for AWS ElasticSearch DomainsAWSData Protection
HIGH
AC_AWS_0114Ensure node-to-node encryption is enabled for AWS ElasticSearch DomainsAWSData Protection
MEDIUM
AC_AWS_0178Ensure customer owned KMS key is used for encrypting AWS MQ BrokersAWSData Protection
HIGH
AC_AWS_0451Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log GroupAWSData Protection
HIGH
AC_AWS_0460Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery StreamAWSData Protection
HIGH
AC_AZURE_0134Ensure that minimum TLS version is set to 1.2 for Azure MSSQL ServerAzureInfrastructure Security
MEDIUM
AC_AZURE_0224Ensure latest TLS/SSL version is in use for Azure API ManagementAzureInfrastructure Security
MEDIUM
AC_AZURE_0360Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_GCP_0016Ensure container-optimized OS (COS) is used for Google Container Node PoolGCPCompliance Validation
LOW
AC_GCP_0289Ensure cloud instance snapshots are encrypted through Google Compute SnapshotGCPData Protection
MEDIUM
AC_GCP_0366Ensure API Keys Are Restricted to Only APIs That Application Needs AccessGCPSecurity Best Practices
MEDIUM
AC_AZURE_0156Enable role-based access control (RBAC) within Azure Kubernetes ServicesAzureIdentity and Access Management
MEDIUM
AC_AZURE_0247Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0032Ensure that the --audit-log-maxage argument is set to 30 or as appropriateKubernetesLogging and Monitoring
MEDIUM
S3_AWS_0005Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.xAWSSecurity Best Practices
HIGH
AC_AWS_0019Ensure there is no policy with Empty array ActionAWSIdentity and Access Management
LOW
AC_AWS_0223Ensure 'allow getAcl actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0224Ensure 'allow putAcl actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AZURE_0121Ensure HTTPS is enabled for Azure Windows Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0125Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0354Ensure that VPN Encryption is enabled for Azure Virtual WANAzureInfrastructure Security
MEDIUM
S3_AWS_0013Ensure there are no world-writeable AWS S3 Buckets - Terraform Version 1.xAWSIdentity and Access Management
HIGH
S3_AWS_0014Ensure there are no world-readable AWS S3 Buckets - Terraform Version 1.xAWSIdentity and Access Management
HIGH
AC_AZURE_0376Ensure that 'Auditing' is set to 'On'AzureLogging and Monitoring
MEDIUM
AC_K8S_0018Ensure that the --authorization-mode argument includes RBACKubernetesIdentity and Access Management
MEDIUM
S3_AWS_0015Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
AC_GCP_0015Ensure Node Auto-Repair is enabled for GKE nodesGCPSecurity Best Practices
LOW
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_GCP_0027Ensure Master Authorized Networks is EnabledGCPInfrastructure Security
HIGH
AC_AWS_0097Ensure VPC is enabled for AWS Redshift ClusterAWSInfrastructure Security
MEDIUM
AC_AWS_0123Ensure access logging is enabled for AWS ELBAWSLogging and Monitoring
MEDIUM
AC_AWS_0164Ensure VPC access is enabled for AWS Lambda FunctionsAWSInfrastructure Security
MEDIUM
AC_AWS_0392Ensure public IP address is not used AWS EC2 instancesAWSInfrastructure Security
HIGH
AC_AWS_0399Ensure public IP address is not assigned to Amazon Elastic Container Service (ECS)AWSInfrastructure Security
HIGH
AC_AWS_0578Ensure AWS NAT Gateways are used instead of default routes for AWS Route TableAWSData Protection
HIGH
AC_AZURE_0092Ensure shared access policies are not used for IoT Hub Device Provisioning Service (DPS)AzureInfrastructure Security
HIGH
AC_AZURE_0098Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0101Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to falseAzureInfrastructure Security
HIGH
AC_AZURE_0102Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to falseAzureInfrastructure Security
MEDIUM
AC_AZURE_0109Ensure public IP addresses are not assigned to Azure Linux Virtual MachinesAzureSecurity Best Practices
HIGH
AC_AZURE_0206Ensure cross account access is disabled for Azure SQL Firewall RuleAzureIdentity and Access Management
MEDIUM