Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_AWS_0090 | Ensure SECRET information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0091 | Ensure potential TOKEN information is not included in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0092 | Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0101 | Ensure public access is disabled for AWS Elastic Kubernetes Service (EKS) API servers | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0466 | Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repository | AWS | Identity and Access Management | MEDIUM |
| AC_AZURE_0108 | Ensure public IP addresses are not assigned to Azure Windows Virtual Machines | Azure | Security Best Practices | HIGH |
| AC_AZURE_0113 | Ensure backup is enabled using Azure Backup for Azure Linux Virtual Machines | Azure | Security Best Practices | LOW |
| AC_AZURE_0161 | Ensure that kubernetes dashboard is disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0174 | Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
| AC_AZURE_0262 | Ensure public network access is disabled for Azure Container Registry | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0281 | Ensure latest version of Azure Kubernetes Cluster is in use | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0310 | Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual Machine | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0358 | Ensure use of NSG with Azure Virtual Machine Scale Set | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0361 | Ensure overprovisioning is disabled for Azure Virtual Machine Scale Set | Azure | Logging and Monitoring | LOW |
| AC_GCP_0020 | Ensure private cluster is enabled for Google Container Cluster | GCP | Infrastructure Security | HIGH |
| AC_GCP_0195 | Ensure that multi-factor authentication is enabled for all non-service accounts | GCP | Identity and Access Management | LOW |
| AC_GCP_0288 | Ensure only selected container registries are allowed through Google Binary Authorization Policy | GCP | Security Best Practices | MEDIUM |
| AC_GCP_0295 | Ensure node metadata is concealed for Google Container Node Pool | GCP | Security Best Practices | LOW |
| AC_K8S_0018 | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0019 | Ensure that the admission control plugin EventRateLimit is set | Kubernetes | Compliance Validation | MEDIUM |
| AC_K8S_0023 | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0030 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | MEDIUM |
| AC_K8S_0033 | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | Logging and Monitoring | MEDIUM |
| AC_K8S_0036 | Ensure that the --service-account-lookup argument is set to true | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0042 | Ensure that the --encryption-provider-config argument is set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0052 | Ensure that the --profiling argument is set to false | Kubernetes | Logging and Monitoring | LOW |
| AC_K8S_0060 | Ensure that the --auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0062 | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0063 | Ensure that the --peer-auto-tls argument is not set to true | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0067 | Ensure Kubernetes dashboard is not deployed | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0088 | Ensure mounting Docker socket daemon in a container is limited | Kubernetes | Infrastructure Security | MEDIUM |
| AC_K8S_0098 | Ensure CPU limit is set for Kubernetes workloads | Kubernetes | Security Best Practices | MEDIUM |
| AC_K8S_0115 | Ensure security context is applied to pods and containers with SELinux configured | Kubernetes | Security Best Practices | MEDIUM |
| AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
| AC_GCP_0015 | Ensure Node Auto-Repair is enabled for GKE nodes | GCP | Security Best Practices | LOW |
| AC_GCP_0032 | Ensure Legacy Networks Do Not Exist for Older Projects | GCP | Infrastructure Security | LOW |
| AC_GCP_0037 | Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0282 | Ensure That Compute Instances Do Not Have Public IP Addresses | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0296 | Ensure Container-Optimized OS (cos_containerd) is used for GKE node images | GCP | Compliance Validation | LOW |
| AC_GCP_0319 | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
| AC_K8S_0039 | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0040 | Ensure that a Client CA File is Configured | Kubernetes | Data Protection | MEDIUM |
| AC_K8S_0051 | Prefer using secrets as files over secrets as environment variables | Kubernetes | Infrastructure Security | HIGH |
| AC_K8S_0082 | Minimize the admission of containers wishing to share the host process ID namespace | Kubernetes | Identity and Access Management | MEDIUM |
| AC_K8S_0094 | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | Identity and Access Management | MEDIUM |
| AC_AWS_0006 | Ensure Amazon Machine Image (AMI) is not shared among multiple accounts | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0025 | Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
| AC_AWS_0095 | Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS service | AWS | Data Protection | HIGH |
| AC_AWS_0168 | Ensure there are no hard coded keys used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
| AC_AWS_0392 | Ensure public IP address is not used AWS EC2 instances | AWS | Infrastructure Security | HIGH |