Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0512 | Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0518 | Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0522 | Ensure Cassandra Thrift (TCP:9160) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0541 | Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0545 | Ensure environment variables do not contain any credentials in AWS Codebuild Project | AWS | Data Protection | MEDIUM |
| AC_AWS_0549 | Ensure geo-restriction is enabled for AWS CloudFront | AWS | Infrastructure Security | LOW |
| AC_AWS_0564 | Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | AWS | Security Best Practices | HIGH |
| AC_AWS_0567 | Ensure a log metric filter and alarm exist for security group changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0574 | Ensure that Object-level logging for write events is enabled for S3 bucket | AWS | Identity and Access Management | HIGH |
| AC_AWS_0577 | Ensure tags are defined for AWS NAT Gateways | AWS | Security Best Practices | LOW |
| AC_AWS_0579 | Ensure multiple availability zones are used to deploy AWS NAT Gateways | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0607 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
| AC_AWS_0610 | Ensure no security groups allow ingress from ::/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0618 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
| S3_AWS_0015 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
| S3_AWS_0017 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.x | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0183 | Ensure IAM database authentication has been enabled for AWS Neptune cluster | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0211 | Ensure AWS S3 Buckets are not listable for Authenticated users group | AWS | Identity and Access Management | HIGH |
| AC_AWS_0214 | Ensure versioning is enabled for AWS S3 Buckets | AWS | Resilience | HIGH |
| AC_AWS_0604 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |
| AC_AWS_0632 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0646 | Ensure S3 Bucket Policy is set to deny HTTP requests | AWS | Infrastructure Security | HIGH |
| AC_AWS_0002 | Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0003 | Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0005 | Ensure encryption is enabled for Amazon Machine Image (AMI) | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0008 | Ensure stage caching is enabled for AWS API Gateway Method Settings | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0011 | Ensure that the endpoint type is set to private for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0020 | Ensure failover criteria is set for AWS Cloudfront Distribution | AWS | Resilience | MEDIUM |
| AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0034 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0035 | Ensure Amazon Simple Notification Service (SNS) topic is defined for notifying log file delivery for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0055 | Ensure the security best practices configuration is followed for Amazon Relational Database Service (Amazon RDS) instances | AWS | Security Best Practices | HIGH |
| AC_AWS_0056 | Ensure automatic minor version upgrade is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0064 | Ensure CloudWatch logging is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0068 | Ensure public access is disabled for AWS Database Migration Service (DMS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0093 | Ensure potential AWS_ACCESS_KEY_ID information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0094 | Ensure potential CLIENT_ID information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0099 | Ensure there are no public file systems for AWS Elastic File System (EFS) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0110 | Ensure ElasticSearch Zone Awareness is enabled | AWS | Resilience | MEDIUM |
| AC_AWS_0111 | Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
| AC_AWS_0116 | Ensure advanced security options are enabled for AWS ElasticSearch Domain | AWS | Infrastructure Security | HIGH |
| AC_AWS_0126 | Ensure permissions are tightly controlled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
| AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0133 | Ensure there is no IAM user with permanent programmatic access | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0136 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0142 | Ensure IAM password policy requires minimum length of 14 or greater | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0147 | Ensure full administrative privileges are not created and are attached to a role using AWS IAM Role Policy | AWS | Identity and Access Management | HIGH |