Policy list for scanning cloud accounts

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 7 minutes
  • A list of default policies provided for scanning the cloud accounts.

    Default policies for scan accounts

    | Policy Name | Description |
    |---|---|
    | Check AWS Discovery Schedule | Verifies whether an AWS account has a discovery schedule attached. Running discovery regularly helps facilitate the identification and management of potential security risks. |
    | Check AWS Account Alias | Verifies that an AWS account has a unique alias to improve account management, reduce errors, and promote clarity and traceability within your AWS infrastructure. Note: Make sure you have API permission for iam:ListAccountAliases. |
    | Check AWS Account Owner Tag | Verifies whether an AWS account has a designated owner to enhance accountability, streamline incident response, and facilitate communication within your AWS environment. |
    | Check AWS Custom Password Policy | Verifies whether a custom password policy is set for every AWS account. A robust password requirement for all IAM users significantly increases the difficulty for attackers to crack passwords through brute-force attacks or credential theft attempts, ultimately enhancing the overall security of your AWS infrastructure. Note: Make sure you have API permission for iam:GetAccountPasswordPolicy. |
    | Check AWS Failed Certification | Verifies the AWS account certification status. Failed certifications indicate potential security vulnerabilities because compromised credentials might not be deactivated promptly and provide a window of opportunity for attackers to exploit these weaknesses. |
    | Check AWS Pending Certification | Verifies whether an AWS account certification is in a pending state to enable the prompt resolution of pending certifications and avoid potential security vulnerabilities. |
    | Check AWS Strong Password Policy | Verifies whether an AWS account adheres to a strong password policy to promote security. This policy mandates robust password complexity requirements, significantly bolstering your AWS environment's defense against unauthorized access. Note: Make sure you have API permission for iam:GetAccountPasswordPolicy. |
    | Check Azure Discovery Schedule | Verifies whether an Azure account has a discovery schedule attached. This policy helps maintain a secure and up-to-date resource landscape to facilitate the identification and management of potential security risks. |
    | Check Azure Account Owner Tag | Verifies whether an Azure account has a designated owner tag to enhance accountability and facilitate communication within your Azure environment. This policy readily identifies the responsible party for each account, promoting a culture of ownership and streamlined incident response. |
    | Check Azure Failed Certification | Verifies Azure account certification status for failure, promoting strong access control by proactively monitoring for any service account with a failed certification status. Failed certifications indicate potential security vulnerabilities, as compromised credentials might not be deactivated promptly. This policy minimizes the window of opportunity for attackers to exploit these weaknesses. |
    | Check Azure Pending Certification | Verifies whether an Azure service account certification is in a pending state. This monitoring enables prompt resolution of pending certifications and avoids potential security vulnerabilities. |
    | Check GCP Discovery Schedule | Verifies whether a GCP account has a discovery schedule attached. This policy helps maintain a secure and up-to-date resource landscape to facilitate the identification and management of potential security risks. |
    | Check GCP Account Owner Tag | Verifies whether a GCP account has a designated owner tag to enhance accountability and facilitate communication within your GCP environment. This policy readily identifies the responsible party for each account, promoting a culture of ownership and streamlined incident response. |
    | Check GCP Failed Certification | Verifies GCP account certification status for failure, promoting strong access control by proactively monitoring for any service account with a failed certification status. Failed certifications indicate potential security vulnerabilities, as compromised credentials might not be deactivated promptly. This policy minimizes the window of opportunity for attackers to exploit these weaknesses. |
    | Check GCP Pending Certification | Verifies whether a GCP account certification is in a pending state. This monitoring enables prompt resolution of pending certifications and avoids potential security vulnerabilities. |

    To return to the procedure, see Set up scan configuration for data visualization.