Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AZURE_0079 | Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) | Azure | Data Protection | MEDIUM |
| AC_AZURE_0163 | Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0167 | Ensure the Key Vault is Recoverable | Azure | Data Protection | MEDIUM |
| AC_AZURE_0557 | Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
| AC_GCP_0313 | Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | GCP | Data Protection | MEDIUM |
| AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
| AC_AWS_0057 | Ensure CA certificate used is not older than 1 year for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0095 | Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0098 | Ensure Customer Managed Keys (CMK) are used for encryption of AWS Elastic File System (EFS) | AWS | Data Protection | HIGH |
| AC_AWS_0112 | Ensure encryption at-rest is enabled for AWS ElasticSearch Domains | AWS | Data Protection | HIGH |
| AC_AWS_0114 | Ensure node-to-node encryption is enabled for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
| AC_AWS_0130 | Ensure 'Job Bookmark Encryption' is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0160 | Ensure rotation for customer created CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AWS_0168 | Ensure there are no hard coded keys used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
| AC_AWS_0178 | Ensure customer owned KMS key is used for encrypting AWS MQ Brokers | AWS | Data Protection | HIGH |
| AC_AWS_0198 | Ensure encryption is enabled for AWS Redshift clusters | AWS | Data Protection | MEDIUM |
| AC_AWS_0206 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets | AWS | Data Protection | HIGH |
| AC_AWS_0436 | Ensure automatic backups are enabled for AWS Elasticache Cluster | AWS | Data Protection | MEDIUM |
| AC_AWS_0451 | Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log Group | AWS | Data Protection | HIGH |
| AC_AWS_0457 | Ensure environment variables are protected using AWS KMS keys for AWS Lambda Functions | AWS | Data Protection | HIGH |
| AC_AWS_0460 | Ensure that customer managed keys are used in AWS Kinesis Firehose Delivery Stream | AWS | Data Protection | HIGH |
| AC_AWS_0578 | Ensure AWS NAT Gateways are used instead of default routes for AWS Route Table | AWS | Data Protection | HIGH |
| AC_AWS_0602 | Ensure rotation for customer created symmetric CMKs is enabled | AWS | Data Protection | HIGH |
| AC_AZURE_0172 | Ensure Hyper-V generation uses v2 for Azure Image | Azure | Data Protection | LOW |
| AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
| AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
| AC_AZURE_0550 | Ensure disk encryption is enabled for Azure Windows Virtual Machine | Azure | Data Protection | MEDIUM |
| AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
| AC_GCP_0289 | Ensure cloud instance snapshots are encrypted through Google Compute Snapshot | GCP | Data Protection | MEDIUM |
| AC_K8S_0037 | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0038 | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0041 | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| CIS_AZURE_0217 | Ensure Storage for Critical Data are Encrypted with Customer Managed Keys | Azure | Data Protection | MEDIUM |
| S3_AWS_0002 | Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
| AC_AZURE_0026 | Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0164 | Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | Azure | Data Protection | HIGH |
| AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
| AC_AZURE_0558 | Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests | Azure | Data Protection | MEDIUM |
| AC_AZURE_0563 | Ensure Private Endpoints are used to access Storage Accounts | Azure | Data Protection | MEDIUM |
| AC_AZURE_0564 | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Azure | Data Protection | MEDIUM |
| AC_AWS_0056 | Ensure automatic minor version upgrade is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0068 | Ensure public access is disabled for AWS Database Migration Service (DMS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0093 | Ensure potential AWS_ACCESS_KEY_ID information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0094 | Ensure potential CLIENT_ID information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0111 | Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch Domains | AWS | Data Protection | MEDIUM |
| AC_AWS_0128 | Ensure S3 encryption configuration is configured for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0129 | Ensure CloudWatch log encryption is enabled for AWS Glue Crawlers | AWS | Data Protection | MEDIUM |
| AC_AWS_0155 | Ensure at-rest server side encryption (SSE) is enabled for data stored in AWS Kinesis Server | AWS | Data Protection | HIGH |
| AC_AWS_0157 | Ensure KMS customer managed keys are used for encryption in AWS Kinesis Streams | AWS | Data Protection | HIGH |
| AC_AWS_0207 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null | AWS | Data Protection | HIGH |