Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0217Ensure 'allow all actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0220Ensure 'allow list actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0222Ensure 'allow put or restore actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0428Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'AWSInfrastructure Security
MEDIUM
AC_AWS_0481Ensure there is no policy with invalid principal format for AWS S3 Bucket policyAWSIdentity and Access Management
LOW
AC_AWS_0591Ensure EBS Volume Encryption is Enabled in all RegionsAWSData Protection
HIGH
AC_AWS_0605Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucketAWSLogging and Monitoring
MEDIUM
AC_AZURE_0025Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account AccessAzureInfrastructure Security
HIGH
AC_AZURE_0079Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)AzureData Protection
MEDIUM
AC_AWS_0079Ensure default encryption is enabled for AWS EBS VolumesAWSData Protection
HIGH
AC_AWS_0125Ensure public access is disabled for AWS GlacierVaultAWSIdentity and Access Management
HIGH
AC_AWS_0211Ensure AWS S3 Buckets are not listable for Authenticated users groupAWSIdentity and Access Management
HIGH
AC_AWS_0214Ensure versioning is enabled for AWS S3 BucketsAWSResilience
HIGH
AC_AWS_0221Ensure 'allow put actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0393Ensure automated backup using EFS Backup policy is enabled for AWS Elastic File System (EFS)AWSResilience
MEDIUM
AC_AWS_0401Ensure encryption at rest is enabled for AWS Backup VaultAWSInfrastructure Security
MEDIUM
AC_AWS_0402Ensure wildcards(*) are not used in IAM policies for AWS Backup Vault PolicyAWSInfrastructure Security
MEDIUM
AC_AWS_0574Ensure that Object-level logging for write events is enabled for S3 bucketAWSIdentity and Access Management
HIGH
AC_AWS_0604Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_AWS_0607Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_AWS_0646Ensure S3 Bucket Policy is set to deny HTTP requestsAWSInfrastructure Security
HIGH
AC_AZURE_0202Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS TokenAzureData Protection
LOW
AC_AZURE_0373Ensure that 'Secure transfer required' is set to 'Enabled'AzureData Protection
HIGH
AC_AZURE_0559Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' RequestsAzureData Protection
MEDIUM
AC_GCP_0234Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access EnabledGCPIdentity and Access Management
LOW
AC_GCP_0236Ensure that Cloud Storage bucket is not anonymously or publicly accessible - google_storage_bucket_access_controlGCPInfrastructure Security
MEDIUM
AC_GCP_0239Ensure That Service Account Has No Admin Privileges - google_storage_bucket_iam_memberGCPIdentity and Access Management
HIGH
S3_AWS_0015Ensure S3 bucket encryption 'kms_master_key_id' is not empty or null - Terraform Version 1.xAWSData Protection
HIGH
S3_AWS_0017Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - Terraform Version 1.xAWSLogging and Monitoring
MEDIUM
AC_AWS_0023Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policyAWSIdentity and Access Management
LOW
AC_AWS_0099Ensure there are no public file systems for AWS Elastic File System (EFS)AWSIdentity and Access Management
HIGH
AC_AWS_0126Ensure permissions are tightly controlled for AWS GlacierVaultAWSIdentity and Access Management
HIGH
AC_AWS_0207Ensure S3 bucket encryption 'kms_master_key_id' is not empty or nullAWSData Protection
HIGH
AC_AWS_0210Ensure there are no publicly listable AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0216Ensure AWS S3 Bucket object ownership is more restrictiveAWSIdentity and Access Management
MEDIUM
AC_AWS_0218Ensure 'allow delete actions from all principals' is disabled for AWS S3 BucketsAWSIdentity and Access Management
HIGH
AC_AWS_0368Ensure KMS Customer Master Keys (CMKs) are used for encryption for AWS Storage Gateway File SharesAWSSecurity Best Practices
HIGH
AC_AWS_0377Ensure permissions are tightly controlled for AWS EFS File SystemAWSIdentity and Access Management
HIGH
AC_AWS_0429Ensure at-rest server side encryption (SSE) is enabled using AWS KMS for AWS S3 BucketsAWSData Protection
HIGH
AC_AWS_0476Ensure there is no policy with invalid principal key for AWS Elastic File System (EFS) policyAWSIdentity and Access Management
LOW
AC_AWS_0506Ensure valid account number format is used in AWS EFS File System PolicyAWSSecurity Best Practices
LOW
AC_AWS_0592Ensure that encryption is enabled for EFS file systemsAWSData Protection
HIGH
AC_AZURE_0021Ensure Soft Delete is Enabled for Azure Containers and Blob StorageAzureData Protection
MEDIUM
AC_AZURE_0036Ensure the storage account containing the container with activity logs is encrypted with Customer Managed KeyAzureData Protection
MEDIUM
AC_AZURE_0143Ensure that 'Unattached disks' are encrypted in Azure Managed DiskAzureData Protection
MEDIUM
AC_AZURE_0212Ensure the "Minimum TLS version" is set to "Version 1.2"AzureInfrastructure Security
MEDIUM
AC_AZURE_0232Ensure the Storage Container Storing the Activity Logs is not Publicly AccessibleAzureInfrastructure Security
HIGH
AC_AZURE_0233Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key)AzureData Protection
MEDIUM
AC_AZURE_0305Ensure public access is disabled for Azure Storage SyncAzureInfrastructure Security
HIGH
AC_AZURE_0366Ensure that 'Public access level' is set to Private for blob containersAzureIdentity and Access Management
HIGH