Tenable.cs Policies Search

IDNameCSPDomainSeverity
AC_AWS_0408Ensure Effect is set to 'Deny' if NotAction is used in AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0409Ensure Effect is set to 'Deny' if Condition is used in AWS Organization policiesAWSSecurity Best Practices
LOW
AC_AWS_0467Ensure CORS is configured to prevent sharing across all domains for AWS API Gateway V2 APIAWSSecurity Best Practices
MEDIUM
AC_AWS_0546Ensure load balancer health checks are used for AWS Auto Scaling GroupsAWSSecurity Best Practices
MEDIUM
AC_AWS_0566Ensure a log metric filter and alarm exist for AWS Config configuration changesAWSSecurity Best Practices
HIGH
AC_AWS_0586Ensure a log metric filter and alarm exist for unauthorized API callsAWSSecurity Best Practices
HIGH
AC_AWS_0587Ensure a log metric filter and alarm exist for usage of 'root' accountAWSSecurity Best Practices
HIGH
AC_AWS_0588Ensure a log metric filter and alarm exist for AWS Management Console authentication failuresAWSSecurity Best Practices
HIGH
AC_AZURE_0110Ensure backup is enabled using Azure Backup for Azure Windows Virtual MachinesAzureSecurity Best Practices
LOW
AC_AZURE_0120Ensure that authentication feature is enabled for Azure Windows Function AppAzureSecurity Best Practices
LOW
AC_AZURE_0250Ensure integration service environment are used for deployment of Azure Logic App WorkflowAzureSecurity Best Practices
LOW
AC_AZURE_0251Ensure key size is set on all keys for Azure Key Vault KeyAzureSecurity Best Practices
MEDIUM
AC_GCP_0012Ensure a key rotation mechanism within a 365 day period is implemented for Google KMS Crypto KeyGCPSecurity Best Practices
LOW
AC_GCP_0018Ensure that Alpha clusters are not used for production workloadsGCPSecurity Best Practices
LOW
S3_AWS_0005Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.xAWSSecurity Best Practices
HIGH
AC_AWS_0021Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacksAWSSecurity Best Practices
MEDIUM
AC_AWS_0022Ensure termination protection is enabled for AWS CloudFormation StackAWSSecurity Best Practices
MEDIUM
AC_AWS_0029Ensure correct key format is used for condition in AWS IAM PolicyAWSSecurity Best Practices
LOW
AC_AWS_0366Ensure Server Side Encryption (SSE) is enabled Amazon Simple Queue Service (SQS) queueAWSSecurity Best Practices
HIGH
AC_AWS_0559Ensure a log metric filter and alarm exist for unauthorized API callsAWSSecurity Best Practices
HIGH
AC_AWS_0445Ensure policies are used for AWS CloudFormation StacksAWSSecurity Best Practices
MEDIUM
AC_AWS_0558Ensure a log metric filter and alarm exist for Management Console sign-in without MFAAWSSecurity Best Practices
HIGH
AC_AWS_0571Ensure a log metric filter and alarm exist for VPC changesAWSSecurity Best Practices
HIGH
AC_AZURE_0112Ensure Time To Live (TTL) of the DNS record is not more than 60 minutes for Azure Private DNS Cname RecordAzureSecurity Best Practices
MEDIUM
AC_AZURE_0267Ensure that 'Phone number' is set for Azure Security Center ContactAzureSecurity Best Practices
MEDIUM
AC_AZURE_0288Ensure password authentication is disabled for Azure Linux Virtual MachineAzureSecurity Best Practices
MEDIUM
AC_AZURE_0300Ensure virtual network is used to deploy Azure Container GroupAzureSecurity Best Practices
MEDIUM
AC_AZURE_0385Ensure that standard pricing tiers are selected in Azure Security Center Subscription PricingAzureSecurity Best Practices
MEDIUM
AC_AZURE_0395Ensure missing service endpoints are disabled for Azure PostgreSQL Virtual Network RuleAzureSecurity Best Practices
MEDIUM
AC_GCP_0242Ensure default service account is not used for project access in Google Container ClusterGCPSecurity Best Practices
HIGH
AC_GCP_0265Ensure sharing of service account credentials is restricted using Google Service AccountGCPSecurity Best Practices
MEDIUM
AC_GCP_0291Ensure oslogin is enabled for a Project - google_compute_project_metadataGCPSecurity Best Practices
LOW
AC_K8S_0119Ensure protocols are explicitly declared where possible for Istio ServicesKubernetesSecurity Best Practices
MEDIUM
AC_AWS_0161Ensure deletion window for Customer Managed Keys (CMK) is enabled for AWS Key Management Service (KMS)AWSSecurity Best Practices
HIGH
AC_AWS_0225Ensure network isolation is enabled for AWS SageMakerAWSSecurity Best Practices
MEDIUM
AC_AWS_0367Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway VolumesAWSSecurity Best Practices
HIGH
AC_AWS_0370Ensure default VPC is not used for AWS VPCAWSSecurity Best Practices
MEDIUM
AC_AWS_0386Ensure that IAM permissions do not lead to exposure of secretsAWSSecurity Best Practices
HIGH
AC_AWS_0444Ensure AWS CloudFormation is used for managing an AWS AccountAWSSecurity Best Practices
LOW
AC_AWS_0505Ensure valid account number format is used in Amazon Elastic Container Registry (Amazon ECR)AWSSecurity Best Practices
LOW
AC_AWS_0504Ensure valid account number format is used in AWS API Gateway Rest API PolicyAWSSecurity Best Practices
LOW
AC_AWS_0503Ensure valid account number format is used in Amazon Simple Queue Service (SQS) QueueAWSSecurity Best Practices
LOW
AC_AWS_0502Ensure valid account number format is used in Amazon Simple Notification Service (SNS) TopicAWSSecurity Best Practices
LOW
AC_AWS_0564Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKsAWSSecurity Best Practices
HIGH
AC_AWS_0567Ensure a log metric filter and alarm exist for security group changesAWSSecurity Best Practices
HIGH
AC_AWS_0577Ensure tags are defined for AWS NAT GatewaysAWSSecurity Best Practices
LOW
AC_AWS_0579Ensure multiple availability zones are used to deploy AWS NAT GatewaysAWSSecurity Best Practices
MEDIUM
AC_AZURE_0108Ensure public IP addresses are not assigned to Azure Windows Virtual MachinesAzureSecurity Best Practices
HIGH
AC_AZURE_0113Ensure backup is enabled using Azure Backup for Azure Linux Virtual MachinesAzureSecurity Best Practices
LOW
AC_AZURE_0162Ensure secrets have content type set for Azure Key Vault SecretAzureSecurity Best Practices
MEDIUM