Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_GCP_0237Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_iam_bindingGCPIdentity and Access Management
MEDIUM
AC_K8S_0129Ensure that the admission control plugin PodSecurityPolicy is setKubernetesCompliance Validation
MEDIUM
AC_AWS_0557Ensure the S3 bucket used to store CloudTrail logs is not publicly accessibleAWSLogging and Monitoring
MEDIUM
AC_AWS_0558Ensure a log metric filter and alarm exist for Management Console sign-in without MFAAWSSecurity Best Practices
HIGH
AC_AWS_0590Ensure the default security group of every VPC restricts all trafficAWSInfrastructure Security
MEDIUM
S3_AWS_0007Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible - Terraform Version 1.xAWSLogging and Monitoring
MEDIUM
AC_GCP_0003Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP AddressesGCPInfrastructure Security
HIGH
AC_GCP_0250Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'GCPCompliance Validation
LOW
AC_GCP_0264Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting ValueGCPCompliance Validation
LOW
AC_GCP_0291Ensure oslogin is enabled for a Project - google_compute_project_metadataGCPSecurity Best Practices
LOW
AC_GCP_0314Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to UsersGCPIdentity and Access Management
HIGH
AC_AWS_0369Ensure VPC flow logging is enabled in all VPCsAWSLogging and Monitoring
LOW
AC_GCP_0007Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level - google_project_iam_bindingGCPIdentity and Access Management
HIGH
AC_GCP_0009Ensure That Cloud Audit Logging Is Configured ProperlyGCPLogging and Monitoring
LOW
AC_GCP_0316Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'GCPCompliance Validation
LOW
AC_AWS_0209Ensure MFA Delete is enable on S3 bucketsAWSSecurity Best Practices
HIGH
AC_GCP_0035Ensure Compute instances are launched with Shielded VM enabledGCPInfrastructure Security
LOW
AC_AWS_0432Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_AWS_0584Ensure CloudTrail log file validation is enabledAWSLogging and Monitoring
MEDIUM
AC_GCP_0134Ensure That RDP Access Is Restricted From the InternetGCPInfrastructure Security
HIGH
AC_GCP_0260Ensure That SSH Access Is Restricted From the InternetGCPInfrastructure Security
HIGH
AC_AZURE_0322Ensure that Microsoft Defender for Key Vault is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0026Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key VaultsAzureData Protection
HIGH
AC_AWS_0140Ensure IAM password policy prevents password reuseAWSCompliance Validation
LOW
AC_AWS_0144Ensure IAM policies that allow full "*:*" administrative privileges are not attachedAWSIdentity and Access Management
HIGH
AC_AWS_0594Ensure no 'root' user account access key existsAWSIdentity and Access Management
HIGH
AC_AWS_0601Ensure hardware MFA is enabled for the 'root' user accountAWSCompliance Validation
HIGH
AC_AZURE_0126Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database ServerAzureInfrastructure Security
MEDIUM
S3_AWS_0010Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.xAWSLogging and Monitoring
MEDIUM
AC_AZURE_0040Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL serverAzureIdentity and Access Management
MEDIUM
AC_AZURE_0053Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL ServersAzureInfrastructure Security
HIGH
AC_AWS_0606Ensure MFA Delete is enabled on S3 bucketsAWSSecurity Best Practices
HIGH
AC_GCP_0024Ensure authentication using Client Certificates is DisabledGCPIdentity and Access Management
MEDIUM
AC_AWS_0160Ensure rotation for customer created CMKs is enabledAWSData Protection
HIGH
AC_AZURE_0194Ensure that Register with Azure Active Directory is enabled on App ServiceAzureSecurity Best Practices
MEDIUM
AC_AZURE_0327Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL ServersAzureData Protection
MEDIUM
AC_AZURE_0569Ensure that Register with Azure Active Directory is enabled on App Service - azurerm_windows_web_appAzureSecurity Best Practices
MEDIUM
AC_AZURE_0164Ensure that the Expiration Date is set for all Keys in RBAC Key VaultsAzureData Protection
HIGH
AC_AZURE_0245Ensure that 'HTTP Version' is the Latest, if Used to Run the Web AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0336Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_AWS_0556Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0561Ensure a log metric filter and alarm exist for IAM policy changesAWSSecurity Best Practices
HIGH
AC_AWS_0568Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)AWSSecurity Best Practices
HIGH
AC_AWS_0569Ensure a log metric filter and alarm exist for changes to network gatewaysAWSSecurity Best Practices
HIGH
AC_AWS_0572Ensure a log metric filter and alarm exists for AWS Organizations changesAWSSecurity Best Practices
HIGH
AC_AWS_0599Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removedAWSIdentity and Access Management
MEDIUM
AC_AWS_0600Ensure there is only one active access key available for any single IAM userAWSIdentity and Access Management
MEDIUM
AC_GCP_0001Ensure That Cloud SQL Database Instances Are Configured With Automated BackupsGCPResilience
MEDIUM
AC_GCP_0039Ensure "Block Project-Wide SSH Keys" Is Enabled for VM InstancesGCPInfrastructure Security
LOW
AC_GCP_0225Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'GCPCompliance Validation
LOW