Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0047Ensure 'password policy' is enabled - at least 1 numberAWSIdentity and Access Management
MEDIUM
AC_AWS_0158Ensure sufficient data retention period is set for AWS Kinesis StreamsAWSResilience
MEDIUM
AC_AWS_0045Ensure 'password policy' is enabled - at least 1 upper case characterAWSIdentity and Access Management
MEDIUM
AC_AWS_0046Ensure 'password policy' is enabled - at least 1 symbolAWSIdentity and Access Management
MEDIUM
AC_AWS_0044Ensure 'password policy' is enabled - at least 1 lower case characterAWSIdentity and Access Management
MEDIUM
AC_AWS_0515Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0527Ensure LDAP (UDP:389) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0533Ensure Memcached SSL (UDP:11211) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0538Ensure Oracle DB (TCP:2483) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0542Ensure Redis without SSL (TCP:6379) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0270Ensure Security Groups do not have unrestricted specific ports open - Oracle Database Server (TCP,1521)AWSInfrastructure Security
HIGH
AC_AWS_0311Ensure Cassandra Client (TCP:9042) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0362Ensure MongoDB' (TCP,27017) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0511Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0512Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0518Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0522Ensure Cassandra Thrift (TCP:9160) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0541Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0139Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password PolicyAWSCompliance Validation
LOW
AC_AWS_0157Ensure KMS customer managed keys are used for encryption in AWS Kinesis StreamsAWSData Protection
HIGH
AC_AWS_0547Ensure there is an encrypted connection between AWS CloudFront server and Origin serverAWSData Protection
HIGH
AC_AWS_0429Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 BucketsAWSData Protection
HIGH
AC_AWS_0171Ensure weak ciphers are removed for AWS Elastic Load Balancers (ELB)AWSInfrastructure Security
HIGH
AC_AWS_0096Ensure encryption is enabled for AWS EFS file systemsAWSData Protection
HIGH
AC_AWS_0317Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0318Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block rangeAWSInfrastructure Security
HIGH
AC_AWS_0370Ensure default VPC is not used for AWS VPCAWSSecurity Best Practices
MEDIUM
AC_AWS_0509Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0514Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0517Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0528Ensure LDAP (UDP:389) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0529Ensure LDAP (UDP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0534Ensure Memcached SSL (UDP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0544Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0058Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
HIGH
AC_AWS_0067Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scopeAWSInfrastructure Security
HIGH
AC_AWS_0133Ensure there is no IAM user with permanent programmatic accessAWSIdentity and Access Management
MEDIUM
AC_AWS_0149Ensure no user can assume the role without MFA is specified in the condition parameter of AWS IAM User PolicyAWSCompliance Validation
LOW
AC_AWS_0217Ensure 'allow all actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0123Ensure access logging is enabled for AWS ELBAWSLogging and Monitoring
MEDIUM
S3_AWS_0001Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets - Terraform Version 1.xAWSData Protection
HIGH
S3_AWS_0002Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS S3 Buckets - Terraform Version 1.xAWSData Protection
HIGH
AC_AWS_0172Ensure recommended SSL/TLS protocol version is used for AWS Elastic Load Balancers (ELB)AWSInfrastructure Security
HIGH
AC_AWS_0233Ensure Cassandra Client (TCP:9042) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0508Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0523Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0524Ensure LDAP (TCP:389) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0526Ensure LDAP (TCP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0530Ensure Memcached SSL (TCP:11211) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0531Ensure Memcached SSL (TCP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM