Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0385 | Ensure public access is disabled for Amazon Simple Notification Service (SNS) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0397 | Ensure multiple ENI are not attached to a single AWS Instance | AWS | Security Best Practices | LOW |
| AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0411 | Ensure there is no IAM policy with empty SID value | AWS | Identity and Access Management | LOW |
| AC_AWS_0416 | Ensure there is no IAM policy with a condition element having ForAnyValue Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0421 | Ensure there is no IAM policy with empty array resource | AWS | Identity and Access Management | LOW |
| AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0427 | Ensure hardware MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
| AC_AWS_0437 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshots | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
| AC_AWS_0441 | Ensure HTTP2 is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | LOW |
| AC_AWS_0442 | Ensure access logging is enabled for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0452 | Ensure log retention policy is set for AWS CloudWatch Log Group | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0454 | Ensure one HTTPS listener is configured for AWS Load Balancer | AWS | Infrastructure Security | HIGH |
| AC_AWS_0455 | Ensure monitoring is enabled for AWS Launch Configuration | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0459 | Ensure detailed monitoring is enabled for AWS EC2 instances | AWS | Compliance Validation | LOW |
| AC_AWS_0468 | Ensure encryption is enabled for AWS Athena Database | AWS | Data Protection | HIGH |
| AC_AWS_0475 | Ensure redundant resources are not used for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0476 | Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0491 | Ensure CloudTrail created sns policy have a condition key with either aws:SourceArn or aws:SourceAccount condition key used in Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
| AC_AWS_0492 | Ensure use of NotAction with NotResource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0494 | Ensure Creation of SLR with star (*) in action and resource is not allowed in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0506 | Ensure valid account number format is used in AWS EFS File System Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0515 | Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0527 | Ensure LDAP (UDP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0533 | Ensure Memcached SSL (UDP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0538 | Ensure Oracle DB (TCP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0542 | Ensure Redis without SSL (TCP:6379) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0547 | Ensure there is an encrypted connection between AWS CloudFront server and Origin server | AWS | Data Protection | HIGH |
| AC_AWS_0554 | Ensure there is only one active access key available for any single IAM user | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0560 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
| AC_AWS_0563 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
| AC_AWS_0565 | Ensure a log metric filter and alarm exist for S3 bucket policy changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0585 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0592 | Ensure that encryption is enabled for EFS file systems | AWS | Data Protection | HIGH |
| AC_AWS_0597 | Ensure MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
| AC_AWS_0613 | Ensure AWS Lambda function is configured with a Dead Letter Queue | AWS | Logging and Monitoring | LOW |
| AC_AWS_0619 | Ensure AWS Lambda function permissions have a source ARN specified | AWS | Identity and Access Management | MEDIUM |
| S3_AWS_0004 | Ensure versioning is enabled for AWS S3 Buckets - Terraform Version 1.x | AWS | Resilience | HIGH |
| S3_AWS_0009 | Ensure that Object-level logging for read events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0016 | Ensure MFA Delete is enabled on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| AC_AWS_0085 | Ensure permissions are tightly controlled for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0165 | Ensure environment variables do not use AWS secret keys, access keys, or access tokens for AWS Lambda Functions | AWS | Identity and Access Management | HIGH |
| AC_AWS_0210 | Ensure there are no publicly listable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0429 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets | AWS | Data Protection | HIGH |
| AC_AWS_0631 | Ensure AWS Security Hub is enabled | AWS | Infrastructure Security | MEDIUM |