Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0208Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS ECR RepositoryAWSData Protection
MEDIUM
AC_AWS_0372Ensure root volumes are encrypted for the AWS WorkspacesAWSData Protection
MEDIUM
AC_AWS_0381Ensure public access is disabled for AWS Neptune cluster instancesAWSData Protection
MEDIUM
AC_AWS_0468Ensure encryption is enabled for AWS Athena DatabaseAWSData Protection
HIGH
AC_AWS_0547Ensure there is an encrypted connection between AWS CloudFront server and Origin serverAWSData Protection
HIGH
AC_AWS_0592Ensure that encryption is enabled for EFS file systemsAWSData Protection
HIGH
AC_AZURE_0143Ensure that 'Unattached disks' are encrypted in Azure Managed DiskAzureData Protection
MEDIUM
AC_AZURE_0233Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key)AzureData Protection
MEDIUM
AC_AZURE_0241Ensure that 'Data encryption' is set to 'On' on a SQL DatabaseAzureData Protection
MEDIUM
AC_AZURE_0294Ensure encryption is enabled for Azure Data Lake StoreAzureData Protection
MEDIUM
AC_AZURE_0299Ensure that Azure Data Explorer uses disk encryption in Azure Kusto ClusterAzureData Protection
MEDIUM
AC_AZURE_0317Ensure that string variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0319Ensure that date-time variables are encrypted for Azure Automation VariableAzureData Protection
MEDIUM
AC_AZURE_0325Ensure that Microsoft Defender for Storage is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0326Ensure that Microsoft Defender for SQL servers on machines is set to 'On'AzureData Protection
MEDIUM
AC_AZURE_0367Ensure Soft Delete is Enabled for Azure StorageAzureData Protection
MEDIUM
AC_AZURE_0548Ensure disk encryption is enabled for Azure Linux Virtual MachineAzureData Protection
MEDIUM
AC_K8S_0043Ensure that the API Server only makes use of Strong Cryptographic CiphersKubernetesData Protection
MEDIUM
AC_AWS_0429Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 BucketsAWSData Protection
HIGH
AC_AZURE_0021Ensure Soft Delete is Enabled for Azure Containers and Blob StorageAzureData Protection
MEDIUM
AC_AZURE_0028Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults.AzureData Protection
HIGH
AC_AZURE_0036Ensure the storage account containing the container with activity logs is encrypted with Customer Managed KeyAzureData Protection
MEDIUM
AC_AZURE_0197Ensure custom script extensions are not used in Azure Windows Virtual MachineAzureData Protection
MEDIUM
AC_AZURE_0200Ensure custom script extensions are not used in Azure Virtual MachineAzureData Protection
MEDIUM
AC_AZURE_0348Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_windows_virtual_machine_scale_setAzureData Protection
MEDIUM
AC_AZURE_0551Ensure geo-redundant backups are enabled for Azure MySQL Flexible ServerAzureData Protection
HIGH
AC_AZURE_0561Ensure Virtual Machines are utilizing Managed DisksAzureData Protection
MEDIUM
AC_GCP_0229Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)GCPData Protection
MEDIUM
AC_AWS_0052Ensure automated backups are enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
HIGH
AC_AWS_0053Ensure IAM authentication is enabled for Amazon Relational Database Service (Amazon RDS) instancesAWSData Protection
MEDIUM
AC_AWS_0071Ensure encryption at rest is enabled for AWS DocumentDB clustersAWSData Protection
MEDIUM
AC_AWS_0078Ensure customer managed keys (CMK) are used for server side encryption (SSE) of AWS DyanamoDB tablesAWSData Protection
MEDIUM
AC_AWS_0079Ensure default encryption is enabled for AWS EBS VolumesAWSData Protection
HIGH
AC_AWS_0089Ensure potential DATABASE information is not included in container definition for AWS ECS serviceAWSData Protection
HIGH
AC_AWS_0090Ensure SECRET information is not included in container definition for AWS ECS serviceAWSData Protection
HIGH
AC_AWS_0091Ensure potential TOKEN information is not included in container definition for AWS ECS serviceAWSData Protection
HIGH
AC_AWS_0092Ensure potential LICENSE information is not disclosed in plain text in container definition for AWS ECS serviceAWSData Protection
HIGH
AC_AWS_0180Ensure inter-cluster encryption is enabled for AWS MSK clusterAWSData Protection
HIGH
AC_AWS_0186Ensure that encryption is enabled for Amazon Relational Database Service (Amazon RDS) InstancesAWSData Protection
HIGH
AC_AWS_0378Ensure all data stored is encrypted at-rest for AWS Elasticache Replication GroupAWSData Protection
HIGH
AC_AWS_0384Ensure data encryption is enabled for AWS SageMaker Notebook instancesAWSData Protection
HIGH
AC_AWS_0388Ensure field-level encryption is enabled for AWS CloudFront distributionAWSData Protection
MEDIUM
AC_AWS_0424Ensure direct access from the internet is disabled for AWS SageMaker Notebook instancesAWSData Protection
HIGH
AC_AWS_0446Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AWS_0545Ensure environment variables do not contain any credentials in AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AZURE_0128Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'AzureData Protection
MEDIUM
AC_AZURE_0170Ensure the key vault is recoverable - soft_delete_enabledAzureData Protection
MEDIUM
AC_AZURE_0202Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS TokenAzureData Protection
LOW
AC_AZURE_0240Ensure SQL server's TDE protector is encrypted with Customer-managed keyAzureData Protection
MEDIUM
AC_AZURE_0301Ensure that key vault is used to encrypt data for Azure Batch AccountAzureData Protection
MEDIUM