Tenable Cloud Security Policies Search

| ID | Name | CSP | Domain | Severity |
| --- | --- | --- | --- | --- |
| AC_AWS_0523 | Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0524 | Ensure LDAP (TCP:389) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0526 | Ensure LDAP (TCP:389) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0530 | Ensure Memcached SSL (TCP:11211) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0531 | Ensure Memcached SSL (TCP:11211) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0532 | Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hosts | AWS | Infrastructure Security | LOW |
| AC_AWS_0536 | Ensure Oracle DB (TCP:2483) is not exposed to entire internet | AWS | Infrastructure Security | HIGH |
| AC_AWS_0537 | Ensure Oracle DB (TCP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0540 | Ensure Oracle DB (UDP:2483) is not exposed to public | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0546 | Ensure load balancer health checks are used for AWS Auto Scaling Groups | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0551 | Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Queue Service (SQS) Queue | AWS | Identity and Access Management | LOW |
| AC_AWS_0553 | Ensure a support role has been created to manage incidents with AWS Support | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0559 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
| AC_AWS_0566 | Ensure a log metric filter and alarm exist for AWS Config configuration changes | AWS | Security Best Practices | HIGH |
| AC_AWS_0580 | Ensure there is no policy with invalid action for Amazon Elastic Container Registry (ECR) Public repository policy | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0581 | Ensure Full Access (AmazonElasticContainerRegistryPublicFullAccess) is not applied to Amazon Elastic Container Registry (ECR) Public repository | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0583 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0586 | Ensure a log metric filter and alarm exist for unauthorized API calls | AWS | Security Best Practices | HIGH |
| AC_AWS_0587 | Ensure a log metric filter and alarm exist for usage of 'root' account | AWS | Security Best Practices | HIGH |
| AC_AWS_0588 | Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | AWS | Security Best Practices | HIGH |
| AC_AWS_0591 | Ensure EBS Volume Encryption is Enabled in all Regions | AWS | Data Protection | HIGH |
| AC_AWS_0594 | Ensure no 'root' user account access key exists | AWS | Identity and Access Management | HIGH |
| AC_AWS_0601 | Ensure hardware MFA is enabled for the 'root' user account | AWS | Compliance Validation | HIGH |
| AC_AWS_0603 | Ensure that public access is not given to Amazon Relational Database Service (Amazon RDS) Instance | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0605 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0609 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
| AC_AWS_0614 | Ensure AWS Lambda Functions have associated tags | AWS | Compliance Validation | LOW |
| AC_AWS_0616 | Ensure Code Signing is enabled for AWS Lambda functions | AWS | Data Protection | HIGH |
| S3_AWS_0001 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets - Terraform Version 1.x | AWS | Data Protection | HIGH |
| S3_AWS_0003 | Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.x | AWS | Data Protection | HIGH |
| S3_AWS_0005 | Ensure MFA Delete is enable on S3 buckets - Terraform Version 1.x | AWS | Security Best Practices | HIGH |
| AC_AWS_0212 | Ensure there are no publicly writeable and readable AWS S3 Buckets | AWS | Identity and Access Management | HIGH |
| AC_AWS_0628 | Ensure AuthType is set to 'AWS_IAM' for AWS Lambda function URLs | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0012 | Ensure CloudWatch Logs are enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0013 | Ensure SSL Client Certificate is enabled for AWS API Gateway Stage | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0016 | Ensure Auto-scaling is configured for both index and tables in AWS DynamoDb | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0017 | Ensure egress filter is set as 'DROP_ALL' for AWS Application Mesh | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0058 | Ensure storage encryption at rest is enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Data Protection | HIGH |
| AC_AWS_0062 | Ensure performance insights are enabled for Amazon Relational Database Service (Amazon RDS) instances | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0067 | Ensure Amazon Relational Database Service (Amazon RDS) instances are not open to a public scope | AWS | Infrastructure Security | HIGH |
| AC_AWS_0075 | Ensure deletion protection is enabled for AWS DocumentDB Clusters | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0081 | Ensure AWS EBS Volume has a corresponding AWS EBS Snapshot | AWS | Data Protection | HIGH |
| AC_AWS_0082 | Ensure AWS best practices are followed while deciding names for tags in AWS EBS volumes | AWS | Compliance Validation | LOW |
| AC_AWS_0084 | Ensure public repositories are disabled for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0087 | Ensure there are no services with admin roles for Amazon Elastic Container Service (ECS) | AWS | Identity and Access Management | HIGH |
| AC_AWS_0088 | Ensure Amazon Elastic Container Service (ECS) clusters are placed in a VPC | AWS | Infrastructure Security | HIGH |
| AC_AWS_0096 | Ensure encryption is enabled for AWS EFS file systems | AWS | Data Protection | HIGH |
| AC_AWS_0104 | Ensure multi-az is configured for AWS ElastiCache Clusters | AWS | Resilience | MEDIUM |