Detections
Analytics

Tenable Cloud Security Policies

Search

IDNameCSPDomainSeverity
AC_AWS_0101Ensure public access is disabled for AWS Elastic Kubernetes Service (EKS) API serversAWSInfrastructure Security
MEDIUM
AC_AWS_0102Ensure redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clustersAWSCompliance Validation
HIGH
AC_AWS_0103Ensure memcached elasticache engines are not in use in AWS PCI-DSS environments for AWS ElastiCache clustersAWSCompliance Validation
HIGH
AC_AWS_0104Ensure multi-az is configured for AWS ElastiCache ClustersAWSResilience
MEDIUM
AC_AWS_0105Ensure slow logs (index slow logs) are enabled for AWS ElasticSearch DomainAWSCompliance Validation
MEDIUM
AC_AWS_0106Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domainAWSIdentity and Access Management
HIGH
AC_AWS_0107Ensure dedicated master nodes are enabled for AWS ElasticSearch DomainsAWSLogging and Monitoring
MEDIUM
AC_AWS_0108Ensure general purpose SSD node type is not used for AWS ElasticSearch DomainsAWSCompliance Validation
HIGH
AC_AWS_0109Ensure latest version of elasticsearch engine is used for AWS ElasticSearch DomainsAWSCompliance Validation
MEDIUM
AC_AWS_0110Ensure ElasticSearch Zone Awareness is enabledAWSResilience
MEDIUM
AC_AWS_0111Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch DomainsAWSData Protection
MEDIUM
AC_AWS_0112Ensure encryption at-rest is enabled for AWS ElasticSearch DomainsAWSData Protection
HIGH
AC_AWS_0113Ensure Amazon cognito authentication is enabled for AWS ElasticSearch DomainAWSIdentity and Access Management
MEDIUM
AC_AWS_0114Ensure node-to-node encryption is enabled for AWS ElasticSearch DomainsAWSData Protection
MEDIUM
AC_AWS_0115Ensure HTTPS-only is enforced for AWS ElasticSearch DomainAWSInfrastructure Security
MEDIUM
AC_AWS_0116Ensure advanced security options are enabled for AWS ElasticSearch DomainAWSInfrastructure Security
HIGH
AC_AWS_0117Ensure latest TLS version is used for AWS ElasticSearch NodesAWSInfrastructure Security
MEDIUM
AC_AWS_0118Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policyAWSIdentity and Access Management
HIGH
AC_AWS_0119Ensure permissions are tightly controlled for AWS ElasticSearch DomainsAWSIdentity and Access Management
HIGH
AC_AWS_0120Ensure AWS ELB has one listener configured to listen for HTTPs trafficAWSInfrastructure Security
LOW
AC_AWS_0121Ensure cross zone load balancing is enabled for AWS ELBAWSResilience
MEDIUM
AC_AWS_0122Ensure connection draining is enabled for AWS ELBAWSResilience
MEDIUM
AC_AWS_0123Ensure access logging is enabled for AWS ELBAWSLogging and Monitoring
MEDIUM
AC_AWS_0124Ensure termination protection is enabled for AWS EMR clustersAWSResilience
MEDIUM
AC_AWS_0125Ensure public access is disabled for AWS GlacierVaultAWSIdentity and Access Management
HIGH
AC_AWS_0126Ensure permissions are tightly controlled for AWS GlacierVaultAWSIdentity and Access Management
HIGH
AC_AWS_0127Ensure flow logs are enabled for AWS Global AcceleratorAWSLogging and Monitoring
MEDIUM
AC_AWS_0128Ensure S3 encryption configuration is configured for AWS Glue CrawlersAWSData Protection
MEDIUM
AC_AWS_0129Ensure CloudWatch log encryption is enabled for AWS Glue CrawlersAWSData Protection
MEDIUM
AC_AWS_0130Ensure 'Job Bookmark Encryption' is enabled for AWS Glue CrawlersAWSData Protection
MEDIUM
AC_AWS_0131Ensure intelligent threat detection is enabled for all regions via AWS GuardDuty DetectorAWSLogging and Monitoring
MEDIUM
AC_AWS_0132Ensure no root user account access key existsAWSIdentity and Access Management
HIGH
AC_AWS_0133Ensure there is no IAM user with permanent programmatic accessAWSIdentity and Access Management
MEDIUM
AC_AWS_0134Ensure password policy requires at least one lowercase character for AWS IAM Account Password PolicyAWSCompliance Validation
LOW
AC_AWS_0135Ensure IAM password policy requires at least one uppercase letterAWSCompliance Validation
MEDIUM
AC_AWS_0136Ensure IAM password policy requires minimum length of 14 or greaterAWSCompliance Validation
MEDIUM
AC_AWS_0137Eliminate use of the root user for administrative and daily tasksAWSCompliance Validation
MEDIUM
AC_AWS_0138Ensure credentials unused for 45 days or greater are disabledAWSCompliance Validation
LOW
AC_AWS_0139Ensure password policy requires rotation every 60 days or less for AWS IAM Account Password PolicyAWSCompliance Validation
LOW
AC_AWS_0140Ensure IAM password policy prevents password reuseAWSCompliance Validation
LOW
AC_AWS_0141Ensure password policy requires minimal length of 7 for AWS IAM Account Password PolicyAWSCompliance Validation
MEDIUM
AC_AWS_0142Ensure IAM password policy requires minimum length of 14 or greaterAWSCompliance Validation
MEDIUM
AC_AWS_0144Ensure IAM policies that allow full "*:*" administrative privileges are not attachedAWSIdentity and Access Management
HIGH
AC_AWS_0145Ensure that full access to edit IAM Policies is restrictedAWSIdentity and Access Management
HIGH
AC_AWS_0146Ensure IAM policies that allow full administrative privileges are not created and attached inline to a roleAWSIdentity and Access Management
HIGH
AC_AWS_0147Ensure full administrative privileges are not created and are attached to a role using AWS IAM Role PolicyAWSIdentity and Access Management
HIGH
AC_AWS_0148Ensure that every AWS account has a minimum password length policy for AWS IAM User Login ProfileAWSCompliance Validation
HIGH
AC_AWS_0149Ensure no user can assume the role without MFA is specified in the condition parameter of AWS IAM User PolicyAWSCompliance Validation
LOW
AC_AWS_0150Ensure a log metric filter and alarm exist for AWS NAT GatewaysAWSSecurity Best Practices
HIGH
AC_AWS_0151Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH