Tenable Cloud Security Policies

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_AWS_0001 | Ensure AWS ACM only has certificates with single domain names, and none with wildcard domain names | AWS | Compliance Validation | LOW |
| AC_AWS_0002 | Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0003 | Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0005 | Ensure encryption is enabled for Amazon Machine Image (AMI) | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0006 | Ensure Amazon Machine Image (AMI) is not shared among multiple accounts | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0007 | Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0008 | Ensure stage caching is enabled for AWS API Gateway Method Settings | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0009 | Ensure stage cache have encryption enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0010 | Ensure that content encoding is enabled for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0011 | Ensure that the endpoint type is set to private for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0012 | Ensure CloudWatch Logs are enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0013 | Ensure SSL Client Certificate is enabled for AWS API Gateway Stage | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0014 | Ensure resource ARNs do not have region missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0015 | Ensure AWS WAF ACL is associated with AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
| AC_AWS_0016 | Ensure Auto-scaling is configured for both index and tables in AWS DynamoDb | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0017 | Ensure egress filter is set as 'DROP_ALL' for AWS Application Mesh | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
| AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
| AC_AWS_0020 | Ensure failover criteria is set for AWS Cloudfront Distribution | AWS | Resilience | MEDIUM |
| AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
| AC_AWS_0025 | Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
| AC_AWS_0026 | Ensure there is no IAM policy with invalid region used for resource ARN | AWS | Identity and Access Management | LOW |
| AC_AWS_0027 | Ensure there is no IAM policy with invalid partition used for resource ARN | AWS | Identity and Access Management | LOW |
| AC_AWS_0028 | Ensure IAM policies with wildcard (*) resource and NotAction are not attached or used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0029 | Ensure correct key format is used for condition in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0030 | Ensure valid account number format is used in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0031 | Ensure only lower case letters are in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0032 | Ensure a web application firewall is enabled for AWS CloudFront distribution | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0033 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0034 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0035 | Ensure Amazon Simple Notification Service (SNS) topic is defined for notifying log file delivery for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0036 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0037 | Ensure logging for global services is enabled for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0038 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0039 | Ensure data events logging is enabled for AWS CloudTrail trails | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0048 | Ensure Elastic Block Store (EBS) volumes are encrypted through AWS Config | AWS | Data Protection | MEDIUM |
| AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0050 | Ensure `arn` prefix is in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |