Interpretation of the Columns in Benchmark Compliance Rules:
Rule ID: A unique identifier for the specific security rule or check
Title: A brief description of the security issue or misconfiguration
Severity — Low to High: Determines the risk of being exposed to attacks
Service Type: The AWS service affected or evaluated by the rule
Resource Type: The specific AWS resource being audited
| Rule ID | Title | Severity | Service Type | Resource Type |
|---|---|---|---|---|
| CSPM-GCP-2025-0002-02 | OS Login Disabled on Project Metadata | High | ComputeEngineGlobal | VMInstances |
| CSPM-GCP-2025-0005 | Instance Allows Root Login from Any Host | High | Cloud SQL Global | CloudSQL Users |
| CSPM-GCP-2025-0023 | Cloud Storage Bucket Accessible by “_ARG_0_” | Critical | Cloud Storage Global | BucketPolicy |
| CSPM-GCP-2025-0063 | Lack of User-Managed Service Account Key Rotation | Medium | IAM | Keys |
| CSPM-GCP-2025-0105 | Log Metric Filter Doesn’t Exist for Audit Configuration Changes | High | Logging | Metrics |
| CSPM-GCP-2025-0129 | Essential Contacts Not Configured | High | Cloud Resource Manager | Contacts |
| CSPM-GCP-2025-0136 | Essential Contacts Not Configured | High | Cloud Resource Manager | Contacts |
| CSPM-GCP-2025-0142 | Ensure That Cloud Audit Logging Is Configured Properly | High | IAM | Audit |
| CSPM-GCP-2025-0189 | Firewall Rule Allows Unrestricted SSH TCP Port 22 Access | High | Network Security | Firewalls |
| CSPM-GCP-2025-0262 | Ensure that RDP Access is Restricted from the Internet | High | Network Security | Firewalls |
| CSPM-GCP-2025-0071 | User-Managed SA Keys | High | IAM | Keys |
| CSPM-GCP-2025-0071 | User-Managed Service Account Keys | High | IAM | Keys |
| CSPM-GCP-2025-0113 | Ensure that sinks are Configured for All Log Entries | High | Logging | Sinks |
