Detections
Analytics

Tenable Cloud Security Policies

Search

IDNameCSPDomainSeverity
AC_AWS_0503Ensure valid account number format is used in Amazon Simple Queue Service (SQS) QueueAWSSecurity Best Practices
LOW
AC_AWS_0504Ensure valid account number format is used in AWS API Gateway Rest API PolicyAWSSecurity Best Practices
LOW
AC_AWS_0505Ensure valid account number format is used in Amazon Elastic Container Registry (Amazon ECR)AWSSecurity Best Practices
LOW
AC_AWS_0506Ensure valid account number format is used in AWS EFS File System PolicyAWSSecurity Best Practices
LOW
AC_AWS_0507Ensure Adding Add a valid numeric value for the condition operatorAWSIdentity and Access Management
LOW
AC_AWS_0508Ensure Cassandra Client (TCP:9042) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0509Ensure Cassandra Internode Communication (TCP:7000) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0510Ensure Cassandra Internode Communication (TCP:7000) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0511Ensure Cassandra Internode Communication (TCP:7000) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0512Ensure Cassandra Monitoring (TCP:7199) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0513Ensure Cassandra Monitoring (TCP:7199) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0514Ensure Cassandra Monitoring (TCP:7199) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0515Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0516Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0517Ensure Cassandra OpsCenter Monitoring (TCP:61620) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0518Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0519Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0520Ensure Cassandra OpsCenter Website (TCP:8888) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0521Ensure Cassandra Thrift (TCP:9160) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0522Ensure Cassandra Thrift (TCP:9160) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0523Ensure Cassandra Thrift (TCP:9160) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0524Ensure LDAP (TCP:389) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0525Ensure LDAP (TCP:389) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0526Ensure LDAP (TCP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0527Ensure LDAP (UDP:389) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0528Ensure LDAP (UDP:389) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0529Ensure LDAP (UDP:389) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0530Ensure Memcached SSL (TCP:11211) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0531Ensure Memcached SSL (TCP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0532Ensure Memcached SSL (TCP:11211) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0533Ensure Memcached SSL (UDP:11211) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0534Ensure Memcached SSL (UDP:11211) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0535Ensure Memcached SSL (UDP:11211) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0536Ensure Oracle DB (TCP:2483) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0537Ensure Oracle DB (TCP:2483) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0538Ensure Oracle DB (TCP:2483) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0539Ensure Oracle DB (UDP:2483) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0540Ensure Oracle DB (UDP:2483) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0541Ensure Oracle DB (UDP:2483) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0542Ensure Redis without SSL (TCP:6379) is not exposed to entire internetAWSInfrastructure Security
HIGH
AC_AWS_0543Ensure Redis without SSL (TCP:6379) is not exposed to publicAWSInfrastructure Security
MEDIUM
AC_AWS_0544Ensure Redis without SSL (TCP:6379) is not exposed to more than 32 private hostsAWSInfrastructure Security
LOW
AC_AWS_0545Ensure environment variables do not contain any credentials in AWS Codebuild ProjectAWSData Protection
MEDIUM
AC_AWS_0546Ensure load balancer health checks are used for AWS Auto Scaling GroupsAWSSecurity Best Practices
MEDIUM
AC_AWS_0547Ensure there is an encrypted connection between AWS CloudFront server and Origin serverAWSData Protection
HIGH
AC_AWS_0548Ensure logging is enabled for AWS CloudFrontAWSLogging and Monitoring
MEDIUM
AC_AWS_0549Ensure geo-restriction is enabled for AWS CloudFrontAWSInfrastructure Security
LOW
AC_AWS_0550Ensure actions '*' and resource '*' are not allowed in AWS IAM PolicyAWSIdentity and Access Management
LOW
AC_AWS_0551Ensure there is no policy with wildcards (*) used in principal for Amazon Simple Queue Service (SQS) QueueAWSIdentity and Access Management
LOW
AC_AWS_0552Ensure MFA is enabled for the "root user" accountAWSCompliance Validation
HIGH