Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0010 | Ensure that content encoding is enabled for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0014 | Ensure resource ARNs do not have region missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0015 | Ensure AWS WAF ACL is associated with AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
| AC_AWS_0030 | Ensure valid account number format is used in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0032 | Ensure a web application firewall is enabled for AWS CloudFront distribution | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0050 | Ensure `arn` prefix is in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0051 | Ensure event subscriptions are enabled for instance level events | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0052 | Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0053 | Ensure IAM authentication is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | MEDIUM |
| AC_AWS_0059 | Ensure master username does not use commonly predicted usernames for Amazon Relational Database Service (Amazon RDS) instances | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0061 | Ensure active directory remains in use to authenticate users for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0069 | Ensure Multi-AZ is enabled for AWS Database Migration Service (DMS) instances | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0071 | Ensure encryption at rest is enabled for AWS DocumentDB clusters | AWS | Data Protection | MEDIUM |
| AC_AWS_0076 | Ensure point-in-time-recovery (PITR) is enabled for AWS DynamoDB tables | AWS | Resilience | MEDIUM |
| AC_AWS_0078 | Ensure customer managed keys (CMK) are used for server side encryption (SSE) of AWS DynamoDB tables | AWS | Data Protection | MEDIUM |
| AC_AWS_0079 | Ensure default encryption is enabled for AWS EBS Volumes | AWS | Data Protection | HIGH |
| AC_AWS_0086 | Ensure container insights are enabled for Amazon Elastic Container Service (ECS) clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0089 | Ensure potential DATABASE information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0090 | Ensure SECRET information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0091 | Ensure potential TOKEN information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0092 | Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0101 | Ensure public access is disabled for AWS Elastic Kubernetes Service (EKS) API servers | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0106 | Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain | AWS | Identity and Access Management | HIGH |
| AC_AWS_0113 | Ensure Amazon Cognito authentication is enabled for AWS ElasticSearch Domain | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0119 | Ensure permissions are tightly controlled for AWS ElasticSearch Domains | AWS | Identity and Access Management | HIGH |
| AC_AWS_0120 | Ensure AWS ELB has one listener configured to listen for HTTPS traffic | AWS | Infrastructure Security | LOW |
| AC_AWS_0125 | Ensure public access is disabled for AWS GlacierVault | AWS | Identity and Access Management | HIGH |
| AC_AWS_0127 | Ensure flow logs are enabled for AWS Global Accelerator | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0131 | Ensure intelligent threat detection is enabled for all regions via AWS GuardDuty Detector | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0132 | Ensure no root user account access key exists | AWS | Identity and Access Management | HIGH |
| AC_AWS_0134 | Ensure password policy requires at least one lowercase character for AWS IAM Account Password Policy | AWS | Compliance Validation | LOW |
| AC_AWS_0138 | Ensure credentials unused for 45 days or greater are disabled | AWS | Compliance Validation | LOW |
| AC_AWS_0150 | Ensure a log metric filter and alarm exist for AWS NAT Gateways | AWS | Security Best Practices | HIGH |
| AC_AWS_0171 | Ensure weak ciphers are removed for AWS Elastic Load Balancers (ELB) | AWS | Infrastructure Security | HIGH |
| AC_AWS_0174 | Ensure log exports is enabled for AWS MQ Brokers | AWS | Logging and Monitoring | LOW |
| AC_AWS_0179 | Ensure auto minor version upgrade is enabled for AWS MQ Brokers | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0180 | Ensure inter-cluster encryption is enabled for AWS MSK cluster | AWS | Data Protection | HIGH |
| AC_AWS_0181 | Ensure that TLS-Only communication should be allowed between AWS MSK client and broker | AWS | Infrastructure Security | HIGH |
| AC_AWS_0186 | Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Data Protection | HIGH |
| AC_AWS_0193 | Ensure Auto Minor Version Upgrade feature is Enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0201 | Ensure allow version upgrade is enabled for AWS Redshift Clusters | AWS | Security Best Practices | LOW |
| AC_AWS_0202 | Ensure AWS Redshift Cluster should not be using the default port (5439) | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0204 | Ensure CloudWatch logging is enabled for AWS Route53 hosted zones | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0221 | Ensure 'allow put actions from all principals' is disabled for AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0232 | Ensure insecure SSL protocols are not configured for AWS CloudFront origin | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0240 | Ensure Security Groups do not have unrestricted specific ports open - Hadoop Name Node (TCP,9000) | AWS | Infrastructure Security | HIGH |