Tenable AWS Best Practice Audit
Changelog
Revision 1.27
Dec 12, 2018
Informational Update
Bootstrapping
Building Threat Protection Layers
CLOUDTRAIL: CloudTrail logs are not publicly accessible - 'Review S3 Buckets
Conclusion
Controlling Security for Public AMIs
Creating Custom AMIs
Cross-Account Access
Decommission Data and Media Securely
Define and Categorize Assets on AWS
Design Your ISMS to Protect Your Assets on AWS
EC2: DescribeAccountAttributes - 'supported platforms'
EC2: DescribeAddresses - 'Review list of interface assignments and private IPs'
EC2: DescribeAddresses - 'Review list of public IPs'
EC2: DescribeAvailabilityZones: 'Avalable availability zones list'
EC2: DescribeCustomerGateways - 'Review list of customer gateways'
EC2: DescribeDhcpOptions - 'DHCP DNS Servers'
EC2: DescribeDhcpOptions - 'DHCP domains'
EC2: DescribeInstanceStatus - 'Review instances with impaired system status'
EC2: DescribeInstanceStatus - 'Review instances with impared instance status'
EC2: DescribeInstanceStatus - 'Review instances with insufficient-data instance status'
EC2: DescribeInstanceStatus - 'Review instances with insufficient-data system status'
EC2: DescribeInstanceStatus - 'Review pending instances'
EC2: DescribeInstanceStatus - 'Review shutting down instances'
EC2: DescribeInstanceStatus - 'Review status of instances'
EC2: DescribeInstanceStatus - 'Review stopped instances'
EC2: DescribeInstanceStatus - 'Review terminated instances'
EC2: DescribeInstances - 'Review list of current VPCs and their platforms'
EC2: DescribeInstances - 'Review list of current VPCs and their status'
EC2: DescribeInstances - 'Verify the architecture of instances'
EC2: DescribeInstances - 'Verify the private IP addresses of instances'
EC2: DescribeInstances - 'Verify the public IP addresses of instances'
EC2: DescribeInstances - 'Verify the root device of instances'
EC2: DescribeInstances - 'Verify the security group of instances in the VPC'
EC2: DescribeInternetGateways - 'Review list of internet gateways'
EC2: DescribeKeyPairs - 'Key names currently in use'
EC2: DescribeNetworkAcls - 'Review list of network ACLs'
EC2: DescribePlacementGroups - 'Placement groups currently in use'
EC2: DescribePlacementGroups - 'Placement groups deleted or deleting'
EC2: DescribePlacementGroups - 'Placement groups pending'
EC2: DescribeRegions - 'Regions that are currently available'
EC2: DescribeRouteTables - 'Review manually added routes'
EC2: DescribeRouteTables - 'Review routes defined for VPCs'
EC2: DescribeSecurityGroups - 'Review security groups'
EC2: DescribeSubnets - 'Available IP Addresses'
EC2: DescribeSubnets - 'Current subnet list'
EC2: DescribeSubnets - 'Default subnets'
EC2: DescribeSubnets - 'Pending subnets'
EC2: DescribeSubnets - 'Subnets which map public IP'
EC2: DescribeSubnets - 'Subnets with no available IP addresses'
EC2: DescribeVolumes - 'Attached volumes'
EC2: DescribeVolumes - 'Current available volume list'
EC2: DescribeVolumes - 'Current in-use volume list'
EC2: DescribeVolumes - 'Current volume sizes'
EC2: DescribeVpcs - 'Review the current VPC list'
EC2: DescribeVpnConnections - 'Review deleted VPN connections'
EC2: DescribeVpnConnections - 'Review existing VPN connections'
EC2: DescribeVpnConnections - 'Review pending VPN connections'
EC2: DescribeVpnGateways - 'Review list of VPN Gateway attachments'
EC2: DescribeVpnGateways - 'Review list of VPN Gateways'
IAM Roles for Amazon EC2
IAM: GetAccountSummary - 'Groups'
IAM: GetAccountSummary - 'MFADevicesInUse'
IAM: GetAccountSummary - 'Roles'
IAM: GetAccountSummary - 'RolesQuota'
IAM: GetAccountSummary - 'ServerCertificates'
IAM: GetAccountSummary - 'ServerCertificatesQuota'
IAM: GetAccountSummary - 'SigningCertificatesPerUserQuota'
IAM: GetAccountSummary - 'Unused MFA devices'
IAM: GetAccountSummary - 'Users'
IAM: GetAccountSummary - 'UsersQuota'
IAM: GetGroup - 'Admin group membership should be reviewed'
IAM: GetGroup - 'Group membership should be reviewed'
IAM: ListGroupPolicies - 'Review policies assigned to groups'
IAM: ListGroups - 'Review current group list'
IAM: ListRoles - 'Review roles'
IAM: ListServerCertificates - 'Verify certificate names and upload dates'
IAM: ListUsers - 'Review current user list'
IAM: ListUsers - 'Review user paths'
IAM: User Accounts - 'Access Key 1'
IAM: User Accounts - 'Access Key 2'
IAM: root account - 'Root Account - Access Key 1'
IAM: root account - 'Root Account - Access Key 2'
Identity Federation
Logging Faults
MFA for API calls
MONITORING: Verify subscribers to each SNS topic
Managing Application and Administrative Access to AWS Public Cloud Services
Managing Logs for Critical Transactions
Managing Metrics and Improvement
Managing OS-level Access to Amazon EC2 Instances
Managing Patches
Mitigating Compromise and Abuse
Mitigating and Protecting Against DoS & DDoS Attacks
Protecting Data at Rest on Amazon DynamoDB
Protecting Data at Rest on Amazon EMR
Protecting Data at Rest on Amazon Glacier
Protecting Data at Rest on Amazon RDS
Protecting Data at Rest on Amazon S3
Protecting Data in Transit to Amazon DynamoDB
Protecting Data in Transit to Amazon EMR
Protecting Data in Transit to Amazon RDS
Protecting Data in Transit to Amazon S3
Protecting Data in Transit when Managing AWS Services
Protecting Log Information
Protecting Your System from Malware
Resource Access Authorization
Secure Your Operating Systems and Applications
Shared Responsibility Model for Abstracted Services
Shared Responsibility Model for Container Services
Shared Responsibility Model for Infrastructure Services
Test Security
Understanding the AWS Secure Global Infrastructure
Using Additional Application Security Practices
Using Change Management Logs
Using the AWS Trusted Advisor Tool
Miscellaneous
Metadata updated.
References updated.