Detections
Analytics

Tenable Cloud Security Policies Search

IDNameCSPDomainSeverity
AC_AWS_0399Ensure public IP address is not assigned to Amazon Elastic Container Service (ECS)AWSInfrastructure Security
HIGH
AC_AWS_0447Ensure image tag is immutable for Amazon Elastic Container Registry (Amazon ECR) RepositoryAWSSecurity Best Practices
MEDIUM
AC_AZURE_0109Ensure public IP addresses are not assigned to Azure Linux Virtual MachinesAzureSecurity Best Practices
HIGH
AC_AZURE_0125Ensure that the IP Forwarding feature for Microsoft Azure virtual machines is disabledAzureInfrastructure Security
MEDIUM
AC_AZURE_0159Ensure Azure Active Directory (Azure AD) has been enabled in Azure Kubernetes ClusterAzureCompliance Validation
MEDIUM
AC_AZURE_0171Ensure zone resiliency is turned on for all Azure ImageAzureResilience
LOW
AC_AZURE_0172Ensure Hyper-V generation uses v2 for Azure ImageAzureData Protection
LOW
AC_AZURE_0265Ensure Secrets are not exposed in customData used in Azure Virtual MachineAzureInfrastructure Security
MEDIUM
AC_AZURE_0290Ensure that Azure policies add-on are used for Azure Kubernetes ClusterAzureSecurity Best Practices
MEDIUM
AC_AZURE_0291Ensure that logging to Azure Monitoring is configured for Azure Kubernetes ClusterAzureLogging and Monitoring
MEDIUM
AC_AZURE_0350Ensure overprovisioning is disabled for Azure Windows Virtual Machine Scale SetAzureLogging and Monitoring
LOW
AC_AZURE_0360Ensure automatic OS upgrades are enabled for Azure Virtual Machine Scale SetAzureSecurity Best Practices
MEDIUM
AC_AZURE_0362Ensure boot diagnostics are enabled for Azure Virtual MachineAzureLogging and Monitoring
MEDIUM
AC_AZURE_0550Ensure disk encryption is enabled for Azure Windows Virtual MachineAzureData Protection
MEDIUM
AC_GCP_0016Ensure container-optimized OS (COS) is used for Google Container Node PoolGCPCompliance Validation
LOW
AC_GCP_0022Ensure PodSecurityPolicy controller is enabled on Google Container ClusterGCPCompliance Validation
HIGH
AC_GCP_0023Ensure control plane is not public for Google Container ClusterGCPInfrastructure Security
HIGH
AC_GCP_0034Ensure latest TLS version is used for Google Compute SSL PolicyGCPInfrastructure Security
MEDIUM
AC_GCP_0035Ensure Compute instances are launched with Shielded VM enabledGCPInfrastructure Security
LOW
AC_GCP_0036Ensure encryption with Customer Supplied Encryption Keys (CSEK) is enabled for Google Compute InstanceGCPData Protection
MEDIUM
AC_GCP_0038Ensure default setting for OSLogin is not overridden by Google Compute InstanceGCPIdentity and Access Management
LOW
AC_GCP_0041Ensure default service accounts having complete cloud access are not used by Google Compute InstanceGCPInfrastructure Security
HIGH
AC_GCP_0289Ensure cloud instance snapshots are encrypted through Google Compute SnapshotGCPData Protection
MEDIUM
AC_K8S_0022Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not usedKubernetesIdentity and Access Management
HIGH
AC_K8S_0027Ensure that the --insecure-bind-address argument is not setKubernetesInfrastructure Security
HIGH
AC_K8S_0028Ensure that the --insecure-port argument is set to 0KubernetesInfrastructure Security
HIGH
AC_K8S_0037Ensure that the --service-account-key-file argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0038Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0041Ensure that the --etcd-cafile argument is set as appropriateKubernetesData Protection
MEDIUM
AC_K8S_0047Ensure that the admission control plugin AlwaysAdmit is not setKubernetesCompliance Validation
MEDIUM
AC_K8S_0050Ensure custom snippets annotations is not set to true for Ingress-nginx controller deployment's Kubernetes Config MapKubernetesSecurity Best Practices
HIGH
AC_K8S_0057Ensure that the --bind-address argument is set to 127.0.0.1KubernetesInfrastructure Security
MEDIUM
AC_K8S_0058Ensure that the --cert-file and --key-file arguments are set as appropriateKubernetesInfrastructure Security
MEDIUM
AC_K8S_0075Minimize the admission of containers with the NET_RAW capabilityKubernetesInfrastructure Security
MEDIUM
AC_K8S_0076Ensure mounting of hostPaths is disallowed in Kubernetes workload configurationKubernetesIdentity and Access Management
HIGH
AC_K8S_0097Ensure CPU request is set for Kubernetes workloadsKubernetesSecurity Best Practices
MEDIUM
AC_K8S_0129Ensure that the admission control plugin PodSecurityPolicy is setKubernetesCompliance Validation
MEDIUM
AC_GCP_0024Ensure authentication using Client Certificates is DisabledGCPIdentity and Access Management
MEDIUM
AC_GCP_0039Ensure "Block Project-Wide SSH Keys" Is Enabled for VM InstancesGCPInfrastructure Security
LOW
AC_GCP_0232Ensure That IP Forwarding Is Not Enabled on InstancesGCPInfrastructure Security
MEDIUM
AC_GCP_0281Ensure That Compute Instances Have Confidential Computing EnabledGCPSecurity Best Practices
MEDIUM
AC_GCP_0301Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIsGCPIdentity and Access Management
HIGH
AC_K8S_0084Minimize the admission of containers wishing to share the host network namespaceKubernetesInfrastructure Security
MEDIUM
AC_AWS_0005Ensure encryption is enabled for Amazon Machine Image (AMI)AWSInfrastructure Security
MEDIUM
AC_AWS_0093Ensure potential AWS_ACCESS_KEY_ID information is not disclosed in container definition for AWS ECS serviceAWSData Protection
HIGH
AC_AWS_0094Ensure potential CLIENT_ID information is not disclosed in container definition for AWS ECS serviceAWSData Protection
HIGH
AC_AWS_0208Ensure at-rest server side encryption (SSE) is enabled using default encryption keys for AWS ECR RepositoryAWSData Protection
MEDIUM
AC_AWS_0372Ensure root volumes are encrypted for the AWS WorkspacesAWSData Protection
MEDIUM
AC_AWS_0373Ensure running mode is set to AutoStop for AWS WorkspacesAWSCompliance Validation
MEDIUM
AC_AWS_0397Ensure multiple ENI are not attached to a single AWS InstanceAWSSecurity Best Practices
LOW