Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0042Ensure standard password policy must be followed with password at least 14 characters longAWSIdentity and Access Management
MEDIUM
AC_AWS_0564Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKsAWSSecurity Best Practices
HIGH
AC_AWS_0567Ensure a log metric filter and alarm exist for security group changesAWSSecurity Best Practices
HIGH
AC_AZURE_0086Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'AzureInfrastructure Security
MEDIUM
AC_AZURE_0122Ensure FTP deployments are Disabled - azurerm_linux_function_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0131Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database ServerAzureInfrastructure Security
HIGH
AC_AZURE_0163Ensure that the Expiration Date is set for all Secrets in RBAC Key VaultsAzureData Protection
HIGH
AC_AZURE_0573Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0583Ensure FTP deployments are Disabled - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AWS_0632Ensure AWS Config is enabled in all regionsAWSLogging and Monitoring
HIGH
AC_AZURE_0373Ensure that 'Secure transfer required' is set to 'Enabled'AzureData Protection
HIGH
AC_GCP_0234Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access EnabledGCPIdentity and Access Management
LOW
AC_GCP_0239Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_memberGCPIdentity and Access Management
HIGH
AC_AWS_0586Ensure a log metric filter and alarm exist for unauthorized API callsAWSSecurity Best Practices
HIGH
AC_AWS_0588Ensure a log metric filter and alarm exist for AWS Management Console authentication failuresAWSSecurity Best Practices
HIGH
AC_GCP_0313Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly AccessibleGCPData Protection
MEDIUM
AC_AWS_0138Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_GCP_0002Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSLGCPInfrastructure Security
HIGH
AC_AWS_0142Ensure IAM password policy requires minimum length of 14 or greaterAWSCompliance Validation
MEDIUM
AC_AWS_0605Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AZURE_0167Ensure the Key Vault is RecoverableAzureData Protection
MEDIUM
AC_AZURE_0408Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database ServerAzureInfrastructure Security
HIGH
AC_GCP_0033Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC NetworkGCPLogging and Monitoring
MEDIUM
AC_AWS_0098Ensure Customer Managed Keys (CMK) are used for encryption of AWS Elastic File System (EFS)AWSData Protection
HIGH
AC_AWS_0197Ensure KMS customer managed key (CMK) for encryption of AWS Redshift clustersAWSSecurity Best Practices
HIGH
AC_AWS_0198Ensure encryption is enabled for AWS Redshift clustersAWSData Protection
MEDIUM
AC_AWS_0206Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 BucketsAWSData Protection
HIGH
AC_AWS_0275Ensure no security groups is wide open to public, that is, allows traffic from 0.0.0.0/0 to ALL ports and protocolsAWSInfrastructure Security
HIGH
AC_AZURE_0563Ensure Private Endpoints are used to access Storage AccountsAzureData Protection
MEDIUM
AC_AZURE_0564Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabledAzureData Protection
MEDIUM
AC_AWS_0552Ensure MFA is enabled for the "root user" accountAWSCompliance Validation
HIGH
AC_AWS_0038Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AWS_0151Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH
AC_AWS_0585Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AWS_0604Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_GCP_0282Ensure That Compute Instances Do Not Have Public IP AddressesGCPInfrastructure Security
MEDIUM
AC_AWS_0611Ensure AWS Security Hub is enabledAWSInfrastructure Security
MEDIUM
AC_AZURE_0342Ensure that RDP access is restricted from the internetAzureInfrastructure Security
HIGH
AC_AZURE_0357Ensure that UDP Services are restricted from the InternetAzureInfrastructure Security
HIGH
AC_AWS_0593Ensure that IAM Access analyzer is enabled for all regionsAWSInfrastructure Security
MEDIUM
AC_K8S_0117Ensure Kubernetes NetworkPolicy object is defined for every Kubernetes NamespaceKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0572Ensure Web App is using the latest version of TLS encryption - azurerm_linux_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0575Ensure Web App is using the latest version of TLS encryption - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM
AC_GCP_0251Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on'GCPCompliance Validation
LOW
AC_AZURE_0116Ensure FTP deployments are Disabled - azurerm_windows_function_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0334Ensure FTP deployments are DisabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0372Ensure Default Network Access Rule for Storage Accounts is Set to DenyAzureInfrastructure Security
MEDIUM
AC_AZURE_0571Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0577Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM
AC_AZURE_0584Ensure FTP deployments are Disabled - azurerm_windows_web_appAzureInfrastructure Security
MEDIUM