Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_AWS_0001 | Ensure AWS ACM only has certificates with single domain names, and none with wildcard domain names | AWS | Compliance Validation | LOW |
| AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0048 | Ensure Elastic Block Store (EBS) volumes are encrypted through AWS Config | AWS | Data Protection | MEDIUM |
| AC_AWS_0185 | Ensure external principals are allowed for AWS RAM resources | AWS | Data Protection | MEDIUM |
| AC_AZURE_0096 | Ensure IP addresses are masked in the logs for IoT Hub | Azure | Infrastructure Security | LOW |
| AC_AZURE_0100 | Ensure that the attribute 'ip_filter_deny_all' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0166 | Ensure that RSA keys have the specified minimum key size for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
| AC_AZURE_0169 | Ensure that logging for Azure KeyVault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
| AC_AZURE_0219 | Ensure that only Azure integrated certificate authorities are in use for issuing certificates used in Azure Key Vault Certificate | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
| AC_GCP_0012 | Ensure a key rotation mechanism within a 365 day period is implemented for Google KMS Crypto Key | GCP | Security Best Practices | LOW |
| AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0167 | Ensure the Key Vault is Recoverable | Azure | Data Protection | MEDIUM |
| AC_GCP_0313 | Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | GCP | Data Protection | MEDIUM |
| AC_GCP_0337 | Ensure Cloud Asset Inventory Is Enabled | GCP | Logging and Monitoring | MEDIUM |
| AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |
| AC_K8S_0006 | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0008 | Ensure that a Client CA File is Configured | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0010 | Ensure that the --read-only-port is disabled | Kubernetes | Identity and Access Management | LOW |
| AC_K8S_0104 | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | Identity and Access Management | HIGH |
| AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AWS_0226 | Ensure secrets should be auto-rotated after not more than 90 days | AWS | Compliance Validation | HIGH |
| AC_AWS_0458 | Ensure principal is defined for every IAM policy attached to AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
| AC_AWS_0479 | Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS) | AWS | Identity and Access Management | LOW |
| AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AZURE_0098 | Ensure that the attribute 'permissive_output_firewall_rules' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0101 | Ensure that the attribute 'shared_credentials' in Defender for IoT is not set to false | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0102 | Ensure that the attribute 'ip_filter_permissive_rule' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0165 | Ensure that only allowed key types are in use for Azure Key Vault Certificate | Azure | Compliance Validation | HIGH |
| AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_GCP_0274 | Ensure OSLogin is enabled for centralized SSH key pair management using Google Project | GCP | Identity and Access Management | MEDIUM |
| AC_K8S_0012 | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | Identity and Access Management | LOW |
| AC_K8S_0105 | Ensure use of creating Kubernetes rolebindings and attaching Kubernetes roles is minimized in Kubernetes Role | Kubernetes | Identity and Access Management | HIGH |
| AC_K8S_0109 | Ensure that the --secure-port argument is not set to 0 | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0117 | Ensure Kubernetes NetworkPolicy object is defined for every Kubernetes Namespace | Kubernetes | Infrastructure Security | MEDIUM |
| AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
| AC_K8S_0011 | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | Compliance Validation | LOW |
| AC_K8S_0101 | Minimize access to secrets | Kubernetes | Identity and Access Management | HIGH |
| AC_AWS_0002 | Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0003 | Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0159 | Ensure customer master key (CMK) is not disabled for AWS Key Management Service (KMS) | AWS | Resilience | HIGH |
| AC_AWS_0162 | Ensure that access policy is updated for AWS Key Management Service (KMS) key | AWS | Identity and Access Management | HIGH |
| AC_AZURE_0097 | Ensure that the Microsoft Defender for IoT Hub is enabled | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0103 | Ensure that the attribute 'inconsistent_module_settings' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0239 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |