Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0014Ensure resource ARNs do not have region missing in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0030Ensure valid account number format is used in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0040Ensure IAM policies with NotAction and NotResource are not attached or usedAWSIdentity and Access Management
HIGH
AC_AWS_0042Ensure standard password policy must be followed with password at least 14 characters longAWSIdentity and Access Management
MEDIUM
AC_AWS_0045Ensure 'password policy' is enabled - at least 1 upper case characterAWSIdentity and Access Management
MEDIUM
AC_AWS_0046Ensure 'password policy' is enabled - at least 1 symbolAWSIdentity and Access Management
MEDIUM
AC_AWS_0050Ensure `arn` prefix is in use for resource in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0132Ensure no root user account access key existsAWSIdentity and Access Management
HIGH
AC_AWS_0134Ensure password policy requires at least one lowercase character for AWS IAM Account Password PolicyAWSCompliance Validation
LOW
AC_AWS_0138Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_AWS_0413Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP addressAWSIdentity and Access Management
LOW
AC_AWS_0426Ensure that initial login requires password reset for AWS IAM UsersAWSCompliance Validation
HIGH
AC_AWS_0432Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_AWS_0438Ensure that there are no orphan in AWS IAM groupsAWSCompliance Validation
LOW
AC_AWS_0471Ensure correct combination of JSON policy elements is used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0474Ensure global condition key is not used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0493Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0496Ensure IAM Policies were not configured with versions in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0498Ensure there is no IAM policy with invalid condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0501Ensure Adding a valid base64-encoded string value for the condition operatorAWSIdentity and Access Management
LOW
AC_AZURE_0387Ensure That No Custom Subscription Owner Roles Are CreatedAzureIdentity and Access Management
MEDIUM
AC_AZURE_0388Ensure guest users are disabled for Azure Role AssignmentAzureIdentity and Access Management
HIGH
AC_GCP_0247Ensure IAM roles do not impersonate or manage service accounts used at organization level for Google CloudGCPIdentity and Access Management
HIGH
AC_GCP_0336Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to UsersGCPIdentity and Access Management
LOW
AC_AWS_0019Ensure there is no policy with Empty array ActionAWSIdentity and Access Management
LOW
AC_AWS_0026Ensure there is no IAM policy with invalid region used for resource ARNAWSIdentity and Access Management
LOW
AC_AWS_0027Ensure there is no IAM policy with invalid partition used for resource ARNAWSIdentity and Access Management
LOW
AC_AWS_0031Ensure only lower case letters are in use for resource in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0141Ensure password policy requires minimal length of 7 for AWS IAM Account Password PolicyAWSCompliance Validation
MEDIUM
AC_AWS_0398Ensure actions 'kms:Decrypt' and 'kms:ReEncryptFrom' are not allowed for all keys in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0404Ensure Principal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0405Ensure NotPrincipal is removed from all AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0410Ensure wildcards(*) are only at end of strings in Action of AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0420Ensure there is no policy with Empty array ConditionAWSIdentity and Access Management
LOW
AC_AWS_0433Ensure cloud users don't have any direct permissions in AWS IAM User Policy AttachmentAWSIdentity and Access Management
MEDIUM
AC_AWS_0470Ensure cloud users don't have any direct permissions in AWS IAM User PolicyAWSIdentity and Access Management
MEDIUM
AC_AWS_0478Ensure that IP range is specified in CIDR format for AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0489Ensure Creation of SLR with NotResource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0495Ensure Creation of SLR with star (*) in NotAction and resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0593Ensure that IAM Access analyzer is enabled for all regionsAWSInfrastructure Security
MEDIUM
AC_AWS_0598Ensure a support role has been created to manage incidents with AWS SupportAWSIdentity and Access Management
MEDIUM
AC_AWS_0599Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removedAWSIdentity and Access Management
MEDIUM
AC_AWS_0600Ensure there is only one active access key available for any single IAM userAWSIdentity and Access Management
MEDIUM
AC_AZURE_0389Ensure resource lock enabled for Azure Resource GroupAzureIdentity and Access Management
LOW
AC_GCP_0248Ensure default service account is not used at organization level for Google CloudGCPIdentity and Access Management
HIGH
AC_GCP_0275Ensure multi-factor authentication is enabled for Google Compute Project MetadataGCPSecurity Best Practices
LOW
AC_AWS_0627Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_AWS_0634Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH
AC_AWS_0028Ensure IAM policies with wildcard (*) resource and NotAction are not attached or usedAWSIdentity and Access Management
HIGH
AC_AWS_0029Ensure correct key format is used for condition in AWS IAM PolicyAWSSecurity Best Practices
LOW