Tenable.cs Policies

| ID | Name | CSP | Domain | Severity |
|---|---|---|---|---|
| AC_AWS_0001 | Ensure AWS ACM only has certificates with single domain names, and none with wildcard domain names | AWS | Compliance Validation | LOW |
| AC_AWS_0002 | Ensure AWS Certificate Manager (ACM) certificates are renewed 30 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0003 | Ensure AWS Certificate Manager (ACM) certificates are renewed 7 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0004 | Ensure AWS Certificate Manager (ACM) certificates are renewed 45 days before expiration date | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0005 | Ensure encryption is enabled for Amazon Machine Image (AMI) | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0006 | Ensure Amazon Machine Image (AMI) is not shared among multiple accounts | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0007 | Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0008 | Ensure stage caching is enabled for AWS API Gateway Method Settings | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0009 | Ensure stage cache have encryption enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0010 | Ensure that content encoding is enabled for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0011 | Ensure that the endpoint type is set to private for API Gateway Rest API | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0012 | Ensure CloudWatch Logs are enabled for AWS API Gateway Stage | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0013 | Ensure SSL Client Certificate is enabled for AWS API Gateway Stage | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0014 | Ensure resource ARNs do not have region missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0015 | Ensure AWS WAF ACL is associated with AWS API Gateway Stage | AWS | Logging and Monitoring | LOW |
| AC_AWS_0016 | Ensure Auto-scaling is configured for both index and tables in AWS DynamoDb | AWS | Compliance Validation | MEDIUM |
| AC_AWS_0017 | Ensure egress filter is set as 'DROP_ALL' for AWS Application Mesh | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0018 | Ensure encryption is enabled for AWS Athena Query | AWS | Data Protection | MEDIUM |
| AC_AWS_0019 | Ensure there is no policy with Empty array Action | AWS | Identity and Access Management | LOW |
| AC_AWS_0020 | Ensure failover criteria is set for AWS Cloudfront Distribution | AWS | Resilience | MEDIUM |
| AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
| AC_AWS_0023 | Ensure there is no policy with invalid principal format for AWS Elastic File System (EFS) policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
| AC_AWS_0025 | Ensure there is no policy with invalid principal format for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
| AC_AWS_0026 | Ensure there is no IAM policy with invalid region used for resource ARN | AWS | Identity and Access Management | LOW |
| AC_AWS_0027 | Ensure there is no IAM policy with invalid partition used for resource ARN | AWS | Identity and Access Management | LOW |
| AC_AWS_0028 | Ensure IAM policies with wildcard (*) resource and NotAction are not attached or used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0029 | Ensure correct key format is used for condition in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0030 | Ensure valid account number format is used in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0031 | Ensure only lower case letters are in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |
| AC_AWS_0032 | Ensure a web application firewall is enabled for AWS CloudFront distribution | AWS | Infrastructure Security | MEDIUM |
| AC_AWS_0033 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0034 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0035 | Ensure Amazon Simple Notification Service (SNS) topic is defined for notifying log file delivery for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0036 | Ensure CloudTrail log file validation is enabled | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0037 | Ensure logging for global services is enabled for AWS CloudTrail | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0038 | Ensure CloudTrail trails are integrated with CloudWatch Logs | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0039 | Ensure data events logging is enabled for AWS CloudTrail trails | AWS | Logging and Monitoring | MEDIUM |
| AC_AWS_0040 | Ensure IAM policies with NotAction and NotResource are not attached or used | AWS | Identity and Access Management | HIGH |
| AC_AWS_0041 | Ensure resource ARNs do not have arn field missing in AWS IAM Policy | AWS | Identity and Access Management | LOW |
| AC_AWS_0042 | Ensure standard password policy must be followed with password at least 14 characters long | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0044 | Ensure 'password policy' is enabled - at least 1 lower case character | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0045 | Ensure 'password policy' is enabled - at least 1 upper case character | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0046 | Ensure 'password policy' is enabled - at least 1 symbol | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0047 | Ensure 'password policy' is enabled - at least 1 number | AWS | Identity and Access Management | MEDIUM |
| AC_AWS_0048 | Ensure Elastic Block Store (EBS) volumes are encrypted through AWS Config | AWS | Data Protection | MEDIUM |
| AC_AWS_0049 | Ensure AWS Config is enabled in all regions | AWS | Logging and Monitoring | HIGH |
| AC_AWS_0050 | Ensure `arn` prefix is in use for resource in AWS IAM Policy | AWS | Security Best Practices | LOW |