Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_K8S_0021Ensure that the admission control plugin AlwaysPullImages is setKubernetesCompliance Validation
MEDIUM
AC_K8S_0026Ensure that the admission control plugin NodeRestriction is setKubernetesIdentity and Access Management
MEDIUM
AC_K8S_0044Ensure that the --terminated-pod-gc-threshold argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0053Ensure that the --use-service-account-credentials argument is set to trueKubernetesIdentity and Access Management
LOW
AC_AZURE_0169Ensure that logging for Azure KeyVault is 'Enabled'AzureLogging and Monitoring
HIGH
AC_AWS_0007Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method SettingsAWSLogging and Monitoring
MEDIUM
AC_AZURE_0171Ensure zone resiliency is turned on for all Azure ImageAzureResilience
LOW
AC_AZURE_0181Ensure Azure services are zone redundant for Azure Eventhub NamespaceAzureResilience
MEDIUM
AC_AZURE_0044Ensure that Azure Active Directory Admin is Configured for SQL ServersAzureIdentity and Access Management
HIGH
AC_AZURE_0332Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'AzureCompliance Validation
MEDIUM
AC_GCP_0336Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to UsersGCPIdentity and Access Management
LOW
AC_K8S_0062Ensure that the --peer-client-cert-auth argument is set to trueKubernetesInfrastructure Security
MEDIUM
AC_K8S_0063Ensure that the --peer-auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_AZURE_0247Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web AppAzureConfiguration and Vulnerability Analysis
MEDIUM
AC_K8S_0032Ensure that the --audit-log-maxage argument is set to 30 or as appropriateKubernetesLogging and Monitoring
MEDIUM
S3_AWS_0005Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.xAWSSecurity Best Practices
HIGH
AC_AZURE_0156Enable role-based access control (RBAC) within Azure Kubernetes ServicesAzureIdentity and Access Management
MEDIUM
AC_AWS_0151Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console passwordAWSCompliance Validation
HIGH
AC_AWS_0585Ensure CloudTrail trails are integrated with CloudWatch LogsAWSLogging and Monitoring
MEDIUM
AC_AZURE_0409Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_AZURE_0555Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'AzureData Protection
MEDIUM
AC_AZURE_0328Ensure that Microsoft Defender for App Service is set to 'On'AzureIdentity and Access Management
MEDIUM
AC_GCP_0027Ensure Master Authorized Networks is EnabledGCPInfrastructure Security
HIGH
AC_K8S_0055Ensure that the --root-ca-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_GCP_0296Ensure Container-Optimized OS (cos_containerd) is used for GKE node imagesGCPCompliance Validation
LOW
AC_K8S_0060Ensure that the --auto-tls argument is not set to trueKubernetesInfrastructure Security
MEDIUM
AC_GCP_0271Ensure Secure Boot for Shielded GKE Nodes is EnabledGCPInfrastructure Security
LOW
AC_AZURE_0170Ensure the key vault is recoverable - soft_delete_enabledAzureData Protection
MEDIUM
AC_AZURE_0387Ensure That No Custom Subscription Owner Roles Are CreatedAzureIdentity and Access Management
MEDIUM
AC_AZURE_0375Ensure that 'Auditing' Retention is 'greater than 90 days'AzureCompliance Validation
LOW
AC_GCP_0025Ensure use of VPC-native clustersGCPCompliance Validation
HIGH
AC_GCP_0030Ensure Stackdriver Kubernetes Logging and Monitoring is EnabledGCPLogging and Monitoring
HIGH
AC_GCP_0337Ensure Cloud Asset Inventory Is EnabledGCPLogging and Monitoring
MEDIUM
AC_K8S_0090Ensure that the --basic-auth-file argument is not setKubernetesIdentity and Access Management
MEDIUM
AC_AWS_0428Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'AWSInfrastructure Security
MEDIUM
AC_AWS_0186Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) InstancesAWSData Protection
HIGH
AC_AZURE_0085Ensure that logging for Azure Key Vault is 'Enabled'AzureLogging and Monitoring
HIGH
AC_AZURE_0148Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_setAzureData Protection
MEDIUM
AC_AZURE_0338Ensure that Activity Log Alert exists for Delete Security SolutionAzureLogging and Monitoring
MEDIUM
AC_AZURE_0343Ensure that Activity Log Alert exists for Create or Update Network Security GroupAzureLogging and Monitoring
MEDIUM
AC_AZURE_0396Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database ServerAzureLogging and Monitoring
MEDIUM
AC_AZURE_0585Ensure that 'Data encryption' is set to 'On' on a SQL DatabaseAzureData Protection
MEDIUM
AC_GCP_0319Ensure Integrity Monitoring for Shielded GKE Nodes is EnabledGCPInfrastructure Security
LOW
AC_AWS_0095Ensure potential PASSWORD information is not disclosed in container definition for AWS ECS serviceAWSData Protection
HIGH
AC_AWS_0121Ensure cross zone load balancing is enabled for AWS ELBAWSResilience
MEDIUM
AC_AWS_0141Ensure password policy requires minimal length of 7 for AWS IAM Account Password PolicyAWSCompliance Validation
MEDIUM
AC_AWS_0168Ensure there are no hard coded keys used in base64 encoded value of AWS Launch ConfigurationAWSData Protection
HIGH
AC_AWS_0184Ensure deletion protection is enabled for AWS QLDB LedgerAWSResilience
MEDIUM
AC_AWS_0447Ensure image tag is immutable for Amazon Elastic Container Registry (Amazon ECR) RepositoryAWSSecurity Best Practices
MEDIUM
AC_AWS_0457Ensure environment variables are protected using AWS KMS keys for AWS Lambda FunctionsAWSData Protection
HIGH