Tenable.cs Policies Search

IDNameCSPDomainSeverity
AC_AWS_0131Ensure intelligent threat detection is enabled for all regions via AWS GuardDuty DetectorAWSLogging and Monitoring
MEDIUM
AC_AWS_0503Ensure valid account number format is used in Amazon Simple Queue Service (SQS) QueueAWSSecurity Best Practices
LOW
AC_AWS_0413Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP addressAWSIdentity and Access Management
LOW
AC_AWS_0424Ensure direct access from the internet is disabled for AWS SageMaker Notebook instancesAWSData Protection
HIGH
AC_AWS_0426Ensure that initial login requires password reset for AWS IAM UsersAWSCompliance Validation
HIGH
AC_AWS_0432Ensure IAM Users Receive Permissions Only Through GroupsAWSIdentity and Access Management
MEDIUM
AC_AWS_0435Ensure access logging is enabled for AWS LB (Load Balancer)AWSLogging and Monitoring
MEDIUM
AC_AWS_0438Ensure that there are no orphan in AWS IAM groupsAWSCompliance Validation
LOW
AC_AWS_0440Ensure deletion protection is enabled for AWS LB (Load Balancer)AWSInfrastructure Security
MEDIUM
AC_AWS_0446Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AWS_0466Ensure IAM policy is attached to Amazon Elastic Container Registry (Amazon ECR) repositoryAWSIdentity and Access Management
MEDIUM
AC_AWS_0471Ensure correct combination of JSON policy elements is used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0474Ensure global condition key is not used in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0485Ensure there is no policy with an invalid principal format for Amazon Simple Queue Service (SQS) TopicAWSIdentity and Access Management
LOW
AC_AWS_0493Ensure Creation of SLR with star (*) in resource is not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0496Ensure IAM Policies were not configured with versions in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0498Ensure there is no IAM policy with invalid condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0501Ensure Adding a valid base64-encoded string value for the condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0502Ensure valid account number format is used in Amazon Simple Notification Service (SNS) TopicAWSSecurity Best Practices
LOW
AC_AWS_0511Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0512Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0518Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0522Ensure Cassandra Thrift (TCP:9160) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0541Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0545Ensure environment variables do not contain any credentials in AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AWS_0549Ensure geo-restriction is enabled for AWS CloudFrontAWSInfrastructure Security
LOW
AC_AWS_0564Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKsAWSSecurity Best Practices
HIGH
AC_AWS_0567Ensure a log metric filter and alarm exist for security group changesAWSSecurity Best Practices
HIGH
AC_AWS_0574Ensure that Object-level logging for write events is enabled for S3 bucketAWSIdentity and Access Management
HIGH
AC_AWS_0577Ensure tags are defined for AWS NAT GatewaysAWSSecurity Best Practices
LOW
AC_AWS_0579Ensure multiple availability zones are used to deploy AWS NAT GatewaysAWSSecurity Best Practices
MEDIUM
AC_AWS_0604Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_AWS_0607Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_AWS_0610Ensure no security groups allow ingress from ::/0 to remote server administration portsAWSInfrastructure Security
HIGH
AC_AWS_0618Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLsAWSIdentity and Access Management
MEDIUM
AC_AWS_0010Ensure that content encoding is enabled for API Gateway Rest APIAWSInfrastructure Security
MEDIUM
AC_AWS_0014Ensure resource ARNs do not have region missing in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0015Ensure AWS WAF ACL is associated with AWS API Gateway StageAWSLogging and Monitoring
LOW
AC_AWS_0030Ensure valid account number format is used in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0032Ensure a web application firewall is enabled for AWS CloudFront distributionAWSInfrastructure Security
MEDIUM
AC_AWS_0040Ensure IAM policies with NotAction and NotResource are not attached or usedAWSIdentity and Access Management
HIGH
AC_AWS_0042Ensure standard password policy must be followed with password at least 14 characters longAWSIdentity and Access Management
MEDIUM
AC_AWS_0045Ensure 'password policy' is enabled - at least 1 upper case characterAWSIdentity and Access Management
MEDIUM
AC_AWS_0046Ensure 'password policy' is enabled - at least 1 symbolAWSIdentity and Access Management
MEDIUM
AC_AWS_0050Ensure `arn` prefix is in use for resource in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0051Ensure event subscriptions are enabled for instance level eventsAWSLogging and Monitoring
MEDIUM
AC_AWS_0052Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
HIGH
AC_AWS_0053Ensure IAM authentication is enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
MEDIUM
AC_AWS_0059Ensure master username does not use commonly predicted usernames for Amazon Relational Database Service (Amazon RDS) instancesAWSIdentity and Access Management
MEDIUM
AC_AWS_0061Ensure active directory remains in use to authenticate users for Amazon Relational Database Service (Amazon RDS) InstancesAWSCompliance Validation
MEDIUM