Interpretation of the Columns in Benchmark Compliance Rules:

- Rule ID: A unique identifier for the specific security rule or check
- Title: A brief description of the security issue or misconfiguration
- Severity (Low to High): Determines the risk of being exposed to attacks
- Service Type: The AWS service affected or evaluated by the rule
- Resource Type: The specific AWS resource being audited

| Rule ID | Title | Severity | Service Type | Resource Type |
|---|---|---|---|---|
| CSPM-GCP-2025-0002-02 | OS Login Disabled (Project Metadata) | Medium | ComputeEngineGlobal | VMInstances |
| CSPM-GCP-2025-0005 | Instance Allows Root Login from Any Host | Critical | Cloud SQL Global | CloudSQL Users |
| CSPM-GCP-2025-0023 | Cloud Storage Bucket Accessible by “_ARG_0_” | Critical | Cloud Storage Global | BucketPolicy |
| CSPM-GCP-2025-0028 | VPC Using Insecure Default Firewall Rules | High | Network Security | Firewalls |
| CSPM-GCP-2025-0029 | VPC Firewall Rules Allowing All Ports Exposed | Critical | Network Security | Firewalls |
| CSPM-GCP-2025-0060 | Secret Manager API is “Disabled” for your Project | High | Service Usage | EnabledServices |
| CSPM-GCP-2025-0062 | Gmail/Non-Workspace Account in Use | Medium | IAM | Policies |
| CSPM-GCP-2025-0069 | Service Account with Admin Privileges | Critical | IAM | IAM |
| CSPM-GCP-2025-0073 | Cloud KMS Cryptographic Keys Exposed to Public Access | Critical | Cloud KMS Global | Policies |
| CSPM-GCP-2025-0105 | Log Metric Filter Doesn’t Exist for Audit Configuration Changes | Medium | Logging | Metrics |
| CSPM-GCP-2025-0129 | Essential Contacts Not Configured | High | Cloud Resource Manager | Contacts |
| CSPM-GCP-2025-0136 | Essential Contacts Not Configured | High | Cloud Resource Manager | Contacts |
| CSPM-GCP-2025-0142 | Ensure that Cloud Audit Logging Is Configured Properly | Medium | IAM | Audit |
| CSPM-GCP-2025-0189 | Firewall Rule Allows Unrestricted SSH TCP Port 22 Access | High | Network Security | Firewalls |
| CSPM-GCP-2025-0262 | Ensure that RDP Access is Restricted from the Internet | High | Network Security | Firewalls |
| CSPM-GCP-2025-0277 | Firewall Rule Allows Unrestricted Docker API Access | Critical | Network Security | Firewalls |
| CSPM-GCP-2025-0071 | User-Managed Service Account Keys | Critical | IAM | Keys |
| CSPM-GCP-2025-0113 | Ensure that sinks are configured for all Log Entries | Medium | Logging | Sinks |
| CSPM-GCP-2025-0114 | Alerts don’t exist for Audit Configuration Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0115 | Alerts don’t exist for Cloud Storage IAM Permission Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0116 | Alerts don’t exist for Custom Role Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0118 | Alerts don’t exist for SQL Instance Configuration Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0119 | Alerts don’t exist for VPC Network Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0120 | Alerts don’t exist for VPC Network Firewall Rule Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0121 | Alerts don’t exist for VPC Network Route Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0071 | User-Managed Service Account Keys | High | IAM | Keys |
| CSPM-GCP-2025-0114 | Alerts don’t exist for Audit Configuration Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0113 | Ensure that sinks are Configured for All Log Entries | Medium | Logging | Sinks |
| CSPM-GCP-2025-0115 | Alerts don’t exist for Cloud Storage IAM Permission Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0116 | Alerts don’t exist for Custom Role Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0117 | Alerts don’t exist for Project Ownership Assignments/Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0118 | Alerts don’t exist for SQL Instance Configuration Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0120 | Alerts don’t exist for VPC Network Firewall Rule Changes | Medium | Monitoring | AlertPolicies |
| CSPM-GCP-2025-0121 | Alerts don’t exist for VPC Network Route Changes | Medium | Monitoring | AlertPolicies |
