Tenable.cs Policies

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_GCP_0001 | Ensure that Cloud SQL database instances are configured with automated backups | GCP | Resilience | MEDIUM |
| AC_GCP_0002 | Ensure that the Cloud SQL database instance requires all incoming connections to use SSL | GCP | Infrastructure Security | HIGH |
| AC_GCP_0003 | Ensure that Cloud SQL database instances are not open to the world | GCP | Infrastructure Security | HIGH |
| AC_GCP_0004 | Ensure that there are only GCP-managed service account keys for each service account | GCP | Identity and Access Management | LOW |
| AC_GCP_0005 | Ensure that Service Account has no Admin privileges | GCP | Identity and Access Management | HIGH |
| AC_GCP_0006 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level | GCP | Identity and Access Management | HIGH |
| AC_GCP_0007 | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level | GCP | Identity and Access Management | HIGH |
| AC_GCP_0008 | Ensure that corporate login credentials are used | GCP | Identity and Access Management | LOW |
| AC_GCP_0009 | Ensure that Cloud Audit Logging is configured properly across all services and all users from a project | GCP | Logging and Monitoring | LOW |
| AC_GCP_0010 | Ensure that the default network does not exist in a project | GCP | Infrastructure Security | LOW |
| AC_GCP_0011 | Ensure KMS encryption keys are rotated within a period of 90 days | GCP | Security Best Practices | LOW |
| AC_GCP_0012 | Ensure a key rotation mechanism within a 365 day period is implemented for Google KMS Crypto Key | GCP | Security Best Practices | LOW |
| AC_GCP_0013 | Ensure '3625 (trace flag)' database flag for Cloud SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
| AC_GCP_0014 | Ensure that DNSSEC is enabled for Cloud DNS | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0015 | Ensure Node Auto-Upgrade is enabled for GKE nodes | GCP | Security Best Practices | LOW |
| AC_GCP_0016 | Ensure container-optimized OS (COS) is used for Google Container Node Pool | GCP | Compliance Validation | LOW |
| AC_GCP_0017 | Ensure Node Auto-Upgrade is enabled for GKE nodes | GCP | Security Best Practices | LOW |
| AC_GCP_0018 | Ensure that Alpha clusters are not used for production workloads | GCP | Security Best Practices | LOW |
| AC_GCP_0019 | Ensure labels are configured for Google Container Cluster | GCP | Compliance Validation | LOW |
| AC_GCP_0020 | Ensure private cluster is enabled for Google Container Cluster | GCP | Infrastructure Security | HIGH |
| AC_GCP_0021 | Ensure basic authentication is disabled on Google Container Cluster | GCP | Identity and Access Management | HIGH |
| AC_GCP_0022 | Ensure PodSecurityPolicy controller is enabled on Google Container Cluster | GCP | Compliance Validation | HIGH |
| AC_GCP_0023 | Ensure control plane is not public for Google Container Cluster | GCP | Infrastructure Security | HIGH |
| AC_GCP_0024 | Ensure authentication using Client Certificates is Disabled | GCP | Identity and Access Management | MEDIUM |
| AC_GCP_0025 | Ensure use of VPC-native clusters | GCP | Compliance Validation | HIGH |
| AC_GCP_0026 | Ensure network policy is enabled on Google Container Cluster | GCP | Infrastructure Security | HIGH |
| AC_GCP_0027 | Ensure Master Authorized Networks is Enabled | GCP | Infrastructure Security | HIGH |
| AC_GCP_0028 | Ensure Legacy Authorization (ABAC) is Disabled | GCP | Identity and Access Management | HIGH |
| AC_GCP_0029 | Ensure stackdriver monitoring is enabled on Google Container Cluster | GCP | Logging and Monitoring | HIGH |
| AC_GCP_0030 | Ensure Stackdriver Kubernetes Logging and Monitoring is Enabled | GCP | Logging and Monitoring | HIGH |
| AC_GCP_0031 | Ensure private google access is enabled for Google Compute Subnetwork | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0032 | Ensure legacy networks do not exist for a project | GCP | Infrastructure Security | LOW |
| AC_GCP_0033 | Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network | GCP | Logging and Monitoring | MEDIUM |
| AC_GCP_0034 | Ensure latest TLS version is used for Google Compute SSL Policy | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0035 | Ensure Compute instances are launched with Shielded VM enabled | GCP | Infrastructure Security | LOW |
| AC_GCP_0036 | Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute Instance | GCP | Data Protection | MEDIUM |
| AC_GCP_0037 | Ensure 'Enable connecting to serial ports' is not enabled for VM Instance | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0038 | Ensure default setting for OSLogin is not overridden by Google Compute Instance | GCP | Identity and Access Management | LOW |
| AC_GCP_0039 | Ensure "Block Project-wide SSH keys" is enabled for VM instances | GCP | Infrastructure Security | LOW |
| AC_GCP_0040 | Ensure that instances are not configured to use the default service account | GCP | Identity and Access Management | HIGH |
| AC_GCP_0041 | Ensure default service accounts having complete cloud access are not used by Google Compute Instance | GCP | Infrastructure Security | HIGH |
| AC_GCP_0042 | Ensure Cassandra OpsCenter agent (TCP:61621) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0043 | Ensure Cassandra OpsCenter agent (TCP:61621) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0044 | Ensure Cassandra OpsCenter agent (TCP:61621) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0045 | Ensure Mongo Web Portal (TCP:27018) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0046 | Ensure Mongo Web Portal (TCP:27018) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0047 | Ensure Mongo Web Portal (TCP:27018) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |
| AC_GCP_0048 | Ensure Puppet Master (TCP:8140) is not exposed to more than 32 private hosts for Google Compute Firewall | GCP | Infrastructure Security | LOW |
| AC_GCP_0049 | Ensure Puppet Master (TCP:8140) is not exposed to public for Google Compute Firewall | GCP | Infrastructure Security | MEDIUM |
| AC_GCP_0050 | Ensure Puppet Master (TCP:8140) is not exposed to entire internet for Google Compute Firewall | GCP | Infrastructure Security | HIGH |