Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0573Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removedAWSIdentity and Access Management
MEDIUM
AC_AWS_0553Ensure a support role has been created to manage incidents with AWS SupportAWSIdentity and Access Management
MEDIUM
AC_AWS_0559Ensure a log metric filter and alarm exist for unauthorized API callsAWSSecurity Best Practices
HIGH
AC_AWS_0554Ensure there is only one active access key available for any single IAM userAWSIdentity and Access Management
MEDIUM
AC_AWS_0560Ensure a log metric filter and alarm exist for usage of 'root' accountAWSSecurity Best Practices
HIGH
AC_AWS_0434Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AWS_0209Ensure MFA Delete is enable on S3 bucketsAWSSecurity Best Practices
HIGH
S3_AWS_0005Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.xAWSSecurity Best Practices
HIGH
S3_AWS_0010Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.xAWSLogging and Monitoring
MEDIUM
AC_AWS_0132Ensure no root user account access key existsAWSIdentity and Access Management
HIGH
AC_AWS_0552Ensure MFA is enabled for the "root user" accountAWSCompliance Validation
HIGH
AC_AWS_0428Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'AWSInfrastructure Security
MEDIUM
AC_AWS_0606Ensure MFA Delete is enabled on S3 bucketsAWSSecurity Best Practices
HIGH
AC_AWS_0186Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) InstancesAWSData Protection
HIGH
AC_AWS_0571Ensure a log metric filter and alarm exist for VPC changesAWSSecurity Best Practices
HIGH
AC_AWS_0557Ensure the S3 bucket used to store CloudTrail logs is not publicly accessibleAWSLogging and Monitoring
MEDIUM
AC_AWS_0558Ensure a log metric filter and alarm exist for Management Console sign-in without MFAAWSSecurity Best Practices
HIGH
S3_AWS_0007Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible - Terraform Version 1.xAWSLogging and Monitoring
MEDIUM
AC_AWS_0042Ensure standard password policy must be followed with password at least 14 characters longAWSIdentity and Access Management
MEDIUM
AC_AWS_0080Ensure EBS volume encryption is enabledAWSData Protection
HIGH
AC_AWS_0562Ensure a log metric filter and alarm exist for CloudTrail configuration changesAWSSecurity Best Practices
HIGH
AC_AWS_0598Ensure a support role has been created to manage incidents with AWS SupportAWSIdentity and Access Management
MEDIUM
AC_AWS_0138Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_AWS_0587Ensure a log metric filter and alarm exist for usage of 'root' accountAWSSecurity Best Practices
HIGH
AC_AWS_0591Ensure EBS Volume Encryption is Enabled in all RegionsAWSData Protection
HIGH
AC_AWS_0565Ensure a log metric filter and alarm exist for S3 bucket policy changesAWSSecurity Best Practices
HIGH
AC_AWS_0556Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0561Ensure a log metric filter and alarm exist for IAM policy changesAWSSecurity Best Practices
HIGH
AC_AWS_0569Ensure a log metric filter and alarm exist for changes to network gatewaysAWSSecurity Best Practices
HIGH
AC_AWS_0572Ensure a log metric filter and alarm exists for AWS Organizations changesAWSSecurity Best Practices
HIGH
AC_AWS_0599Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removedAWSIdentity and Access Management
MEDIUM
AC_AWS_0600Ensure there is only one active access key available for any single IAM userAWSIdentity and Access Management
MEDIUM
AC_AWS_0586Ensure a log metric filter and alarm exist for unauthorized API callsAWSSecurity Best Practices
HIGH
AC_AWS_0034Ensure CloudTrail is enabled in all regionsAWSLogging and Monitoring
MEDIUM
AC_AWS_0570Ensure a log metric filter and alarm exist for route table changesAWSSecurity Best Practices
HIGH
AC_AWS_0608Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'AWSInfrastructure Security
MEDIUM
AC_AWS_0605Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AWS_0230Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0038Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AWS_0597Ensure MFA is enabled for the 'root' user accountAWSCompliance Validation
HIGH
AC_AWS_0432Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_AWS_0626Ensure CloudTrail is enabled in all regionsAWSLogging and Monitoring
MEDIUM
AC_AWS_0627Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_AWS_0142Ensure IAM password policy requires minimum length of 14 or greaterAWSCompliance Validation
MEDIUM
AC_AWS_0140Ensure IAM password policy prevents password reuseAWSCompliance Validation
LOW
AC_AWS_0144Ensure IAM policies that allow full "*:*" administrative privileges are not attachedAWSIdentity and Access Management
HIGH
AC_AWS_0594Ensure no 'root' user account access key existsAWSIdentity and Access Management
HIGH
AC_AWS_0634Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH
AC_AWS_0151Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH
AC_AWS_0585Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM