Tenable Cloud Security Policies

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_AWS_0403 | Ensure that an API key is required on a method request for AWS API Gateway Method | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0404 | Ensure Principal is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0405 | Ensure NotPrincipal is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0406 | Ensure NotResource is removed from all AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0407 | Ensure Effect is set to 'Deny' if Resource is used in Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0408 | Ensure Effect is set to 'Deny' if NotAction is used in AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0409 | Ensure Effect is set to 'Deny' if Condition is used in AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0410 | Ensure wildcards(*) are only at end of strings in Action of AWS Organization policies | AWS | Security Best Practices | LOW |
| AC_AWS_0411 | Ensure there is no IAM policy with empty SID value | AWS | Identity and Access Management | LOW |
| AC_AWS_0412 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with value not following standard CIDR | AWS | Identity and Access Management | LOW |
| AC_AWS_0413 | Ensure there is no IAM policy with a condition element having IpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
| AC_AWS_0414 | Ensure there is no IAM policy with a condition element having NotIpAddress Condition Operator with key (aws:SourceIp) using private IP address | AWS | Identity and Access Management | LOW |
| AC_AWS_0415 | Ensure there is no IAM policy with a condition element having ForAllValues Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0416 | Ensure there is no IAM policy with a condition element having ForAnyValue Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0417 | Ensure there is no IAM policy with a condition element having IfExists Condition Operator with empty key-value pair | AWS | Identity and Access Management | LOW |
| AC_AWS_0418 | Ensure there is no IAM policy with Redundant action | AWS | Identity and Access Management | LOW |
| AC_AWS_0419 | Ensure no wildcards are used in resource ARN for AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0420 | Ensure there is no policy with Empty array Condition | AWS | Identity and Access Management | LOW |
| AC_AWS_0421 | Ensure there is no IAM policy with empty array resource | AWS | Identity and Access Management | LOW |
| AC_AWS_0422 | Ensure AWS Redshift Snapshot Retention Policy is more than 7 days | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0423 | Ensure SSL is enforced for parameter groups associated with AWS Redshift clusters | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0424 | Ensure direct access from the internet is disabled for AWS SageMaker Notebook instances | AWS | Data Protection | HIGH |
| AC_AWS_0425 | Ensure root access is disabled for AWS SageMaker Notebook instances | AWS | Security Best Practices | HIGH |
| AC_AWS_0426 | Ensure that initial login requires password reset for AWS IAM Users | AWS | Compliance Validation | HIGH |
| AC_AWS_0427 | Ensure hardware MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
| AC_AWS_0428 | Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0429 | Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 Buckets | AWS | Data Protection | HIGH |
| AC_AWS_0430 | Ensure there are no unnamed AWS EC2 instances | AWS | Compliance Validation | LOW |
| AC_AWS_0431 | Ensure cloud users don't have any direct permissions in AWS IAM Policy | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0432 | Ensure IAM Users Receive Permissions Only Through Groups | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0433 | Ensure cloud users don't have any direct permissions in AWS IAM User Policy Attachment | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0434 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0435 | Ensure access logging is enabled for AWS LB (Load Balancer) | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0436 | Ensure automatic backups are enabled for AWS Elasticache Cluster | AWS | Data Protection | MEDIUM |
| AC_AWS_0437 | Ensure public access is disabled for Amazon Relational Database Service (Amazon RDS) database snapshots | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0438 | Ensure that there are no orphan in AWS IAM groups | AWS | Compliance Validation | LOW |
| AC_AWS_0439 | Ensure authorization is enabled for AWS API Gateway Method | AWS | Infrastructure Security | HIGH |
| AC_AWS_0440 | Ensure deletion protection is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0441 | Ensure HTTP2 is enabled for AWS LB (Load Balancer) | AWS | Infrastructure Security | LOW |
| AC_AWS_0442 | Ensure access logging is enabled for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0443 | Ensure log exports has been enabled for AWS Neptune cluster | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0444 | Ensure AWS CloudFormation is used for managing an AWS Account | AWS | Security Best Practices | LOW |
| AC_AWS_0445 | Ensure policies are used for AWS CloudFormation Stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0446 | Ensure Customer Managed Key (CMK) is used to encrypt AWS Codebuild Project | AWS | Data Protection | MEDIUM |
| AC_AWS_0447 | Ensure image tag is immutable for Amazon Elastic Container Registry (Amazon ECR) Repository | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0448 | Ensure log retention period of at least 90 days retention period for AWS CloudWatch Log Group | AWS | Security Best Practices | HIGH |
| AC_AWS_0449 | Ensure the default security group of every VPC restricts all traffic | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0450 | Ensure no wildcards are being used in AWS API Gateway Rest API Policy | AWS | Identity and Access Management | HIGH |
| AC_AWS_0451 | Ensure an AWS Key Management Service (KMS) Customer Managed Key (CMK) is used to encrypt AWS CloudWatch Log Group | AWS | Data Protection | HIGH |
| AC_AWS_0452 | Ensure log retention policy is set for AWS CloudWatch Log Group | AWS | Security Best Practices | MEDIUM |