Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0552 | Ensure MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
| AC_AWS_0557 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0558 | Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | AWS | Security Best Practices | HIGH |
| AC_AWS_0571 | Ensure a log metric filter and alarm exist for VPC changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0573 | Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0576 | Ensure private subnets are not used to deploy AWS NAT Gateways | AWS | Data Protection | HIGH |
| AC_AWS_0582 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0584 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0589 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0590 | Ensure the default security group of every VPC restricts all traffic | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0595 | Ensure access keys are rotated every 90 days or less | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0596 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
| AC_AWS_0620 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Notification Service (SNS) Topic | AWS | Identity and Access Management | LOW |
| S3_AWS_0006 | Ensure bucket policy is enforced with least privileges for all AWS S3 buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0007 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
| S3_AWS_0008 | Ensure that Object-level logging for write events is enabled for S3 bucket - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0011 | Ensure there are no world-listable AWS S3 Buckets - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| S3_AWS_0012 | Ensure AWS S3 Buckets are not world-listable for anonymous users - Terraform Version 1.x | AWS | Identity and Access Management | HIGH |
| AC_AWS_0139 | Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
| AC_AWS_0145 | Ensure that full access to edit IAM Policies is restricted | AWS | Identity and Access Management | HIGH |
| AC_AWS_0386 | Ensure that inline policy does not expose secrets in AWS Secrets Manager | AWS | Security Best Practices | HIGH |
| AC_AWS_0626 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0006 | Ensure Amazon Machine Image (AMI) is not shared among multiple accounts | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0007 | Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
| AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
| AC_AWS_0025 | Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
| AC_AWS_0026 | Ensure there is no IAM policy with invalid region used for resource ARN | AWS | Identity and Access Management | LOW |
| AC_AWS_0027 | Ensure there is no IAM policy with invalid partition used for resource ARN | AWS | Identity and Access Management | LOW |
| AC_AWS_0031 | Ensure only lower case letters are in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0037 | Ensure logging for global services is enabled for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0057 | Ensure CA certificate used is not older than 1 year for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0070 | Ensure auto minor version upgrade is enabled for AWS Database Migration Service (DMS) instances | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0095 | Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0097 | Ensure VPC is enabled for AWS Redshift Cluster | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0098 | Ensure Customer Managed Keys (CMK) are used for encryption of AWS Elastic File System (EFS) | AWS | Data Protection | HIGH |
| AC_AWS_0109 | Ensure latest version of elasticsearch engine is used for AWS ElasticSearch Domains | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
| AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
| AC_AWS_0121 | Ensure cross zone load balancing is enabled for AWS ELB | AWS | Resilience | MEDIUM |
| AC_AWS_0123 | Ensure access logging is enabled for AWS ELB | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0130 | Ensure 'Job Bookmark Encryption' is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0141 | Ensure password policy requires minimal length of 7 for AWS IAM Account Password Policy | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AWS_0164 | Ensure VPC access is enabled for AWS Lambda Functions | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0168 | Ensure there are no hard coded keys used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
| AC_AWS_0178 | Ensure customer owned KMS key is used for encrypting AWS MQ Brokers | AWS | Data Protection | HIGH |
| AC_AWS_0184 | Ensure deletion protection is enabled for AWS QLDB Ledger | AWS | Resilience | MEDIUM |
| AC_AWS_0197 | Ensure KMS customer managed key (CMK) for encryption of AWS Redshift clusters | AWS | Security Best Practices | HIGH |