Detections
Analytics

Tenable Cloud Security Policies

Search

IDNameCSPDomainSeverity
AC_AZURE_0160Ensure that private cluster is enabled for Azure Kubernetes ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0161Ensure that kubernetes dashboard is disabled for Azure Kubernetes ClusterAzureInfrastructure Security
MEDIUM
AC_AZURE_0162Ensure secrets have content type set for Azure Key Vault SecretAzureSecurity Best Practices
MEDIUM
AC_AZURE_0163Ensure that the Expiration Date is set for all Secrets in RBAC Key VaultsAzureData Protection
HIGH
AC_AZURE_0164Ensure that the Expiration Date is set for all Keys in RBAC Key VaultsAzureData Protection
HIGH
AC_AZURE_0165Ensure that only allowed key types are in use for Azure Key Vault CertificateAzureCompliance Validation
HIGH
AC_AZURE_0166Ensure that RSA keys have the specified minimum key size for Azure Key Vault CertificateAzureCompliance Validation
HIGH
AC_AZURE_0167Ensure the Key Vault is RecoverableAzureData Protection
MEDIUM
AC_AZURE_0168Ensure access level is set to 'Read' for Azure Managed Disk SAS TokenAzureData Protection
MEDIUM
AC_AZURE_0169Ensure that logging for Azure KeyVault is 'Enabled'AzureLogging and Monitoring
HIGH
AC_AZURE_0170Ensure the key vault is recoverable - soft_delete_enabledAzureData Protection
MEDIUM
AC_AZURE_0171Ensure zone resiliency is turned on for all Azure ImageAzureResilience
LOW
AC_AZURE_0172Ensure Hyper-V generation uses v2 for Azure ImageAzureData Protection
LOW
AC_AZURE_0173Ensure 'ReadOnly' cache is enabled on Data disks with read heavy operations to get higher read IOPS for Azure ImageAzureCompliance Validation
LOW
AC_AZURE_0174Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure ImageAzureCompliance Validation
LOW
AC_AZURE_0175Ensure Azure RBAC (role-based access control) is used to control access to resources for Azure Function AppAzureIdentity and Access Management
MEDIUM
AC_AZURE_0176Ensure managed identity is used in Azure Function AppAzureIdentity and Access Management
LOW
AC_AZURE_0177Ensure latest TLS version is in use for Azure Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0178Ensure HTTPS is enabled for Azure Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0179Ensure CORS is tightly controlled and managed for Azure Function AppAzureInfrastructure Security
MEDIUM
AC_AZURE_0180Ensure load balancer is enabled for Azure Front DoorAzureResilience
MEDIUM
AC_AZURE_0181Ensure Azure services are zone redundant for Azure Eventhub NamespaceAzureResilience
MEDIUM
AC_AZURE_0182Ensure auto inflate is enabled for Azure Eventhub NamespaceAzureCompliance Validation
LOW
AC_AZURE_0183Ensure consistency level is NOT set to 'Eventual' for Azure CosmosDB AccountAzureSecurity Best Practices
LOW
AC_AZURE_0184Ensure to filter source IP's for Azure CosmosDB AccountAzureInfrastructure Security
HIGH
AC_AZURE_0185Ensure locks are enabled for Azure Container RegistryAzureResilience
HIGH
AC_AZURE_0186Ensure that admin user is disabled for Azure Container RegistryAzureIdentity and Access Management
MEDIUM
AC_AZURE_0187Ensure user id's are all system managed for Azure Container GroupAzureIdentity and Access Management
LOW
AC_AZURE_0188Ensure end-to-end TLS is enabled to encrypt and securely transmit sensitive data to the backend for Azure Application GatewayAzureInfrastructure Security
MEDIUM
AC_AZURE_0189Ensure Web Application Firewall(WAF) is enabled for Azure Application GatewayAzureInfrastructure Security
MEDIUM
AC_AZURE_0190Ensure auto renew of certificates is turned off for Azure App Service Certificate OrderAzureInfrastructure Security
LOW
AC_AZURE_0191Ensure Web App is using the latest version of TLS encryptionAzureInfrastructure Security
MEDIUM
AC_AZURE_0192Ensure auditing and monitoring is enabled for Azure App ServiceAzureLogging and Monitoring
MEDIUM
AC_AZURE_0193Ensure web sockets are disabled for Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0194Ensure that Register with Azure Active Directory is enabled on App ServiceAzureSecurity Best Practices
MEDIUM
AC_AZURE_0195Ensure that custom domains are configured in Azure App ServiceAzureSecurity Best Practices
LOW
AC_AZURE_0196Ensure that IP restrictions rules are configured for Azure App ServiceAzureInfrastructure Security
MEDIUM
AC_AZURE_0197Ensure custom script extensions are not used in Azure Windows Virtual MachineAzureData Protection
MEDIUM
AC_AZURE_0198Ensure compression is enabled for Azure CDN EndpointAzureResilience
MEDIUM
AC_AZURE_0199Ensure HTTPS is allowed for Azure CDN EndpointAzureInfrastructure Security
MEDIUM
AC_AZURE_0200Ensure custom script extensions are not used in Azure Virtual MachineAzureData Protection
MEDIUM
AC_AZURE_0201Ensure in-transit encryption is enabled for Azure Redis CacheAzureInfrastructure Security
MEDIUM
AC_AZURE_0202Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS TokenAzureData Protection
LOW
AC_AZURE_0203Ensure cross account access is disabled for Azure Synapse Firewall RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0204Ensure Synapse Workspace is not accessible to public via Azure Synapse Firewall RuleAzureInfrastructure Security
MEDIUM
AC_AZURE_0205Ensure cross account access is disabled for Azure SQL ServerAzureIdentity and Access Management
MEDIUM
AC_AZURE_0206Ensure cross account access is disabled for Azure SQL Firewall RuleAzureIdentity and Access Management
MEDIUM
AC_AZURE_0207Ensure cross account access is disabled for Azure Redis CacheAzureIdentity and Access Management
MEDIUM
AC_AZURE_0208Ensure that Active Azure Service Fabric clusters are automatically upgraded to latest versionAzureInfrastructure Security
MEDIUM
AC_AZURE_0209Ensure that Active Azure Service Fabric clusters are not using CVE-2022-30137 vulnerable cluster version(8.2.1124.1)AzureInfrastructure Security
MEDIUM