Interpretation of the Columns in Benchmark Compliance Rules:
Rule ID: A unique identifier for the specific security rule or check
Title: A brief description of the security issue or misconfiguration
Severity — Low to High: Determines the risk of being exposed to attacks
Service Type: The AWS service affected or evaluated by the rule
Resource Type: The specific AWS resource being audited
| Rule ID | Title | Severity | Service Type | Resource Type |
|---|---|---|---|---|
| CSPM-AWS-2024-0012 | CloudTrail Log File Validation is Disabled | Low | CloudTrail | Trails |
| CSPM-AWS-2024-0023 | Unencrypted EBS Volume irrespective of its state | Medium | EC2 | Volumes |
| CSPM-AWS-2024-0092 | Rotation disabled for KMS Symmetric Customer Master Keys (CMKs) | High | KMS | Keys |
| CSPM-AWS-2024-0104 | No CloudWatch Alarm for “Console Logins without MFA” | Low | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0152 | Ensure that only IMDSv2 is permitted by EC2 Metadata Service | Medium | EC2 | Instances |
| CSPM-AWS-2024-0160 | IAM instance roles are used for AWS resource access from instances | Medium | EC2 | Instances |
| CSPM-AWS-2024-0167 | In every VPC, flow logging must be enabled | High | VPC | FlowLog |
| CSPM-AWS-2024-0166 | Ensure AWS Security Hub is enabled | Medium | SecurityHub | Hub |
| CSPM-AWS-2024-0113 | RDS Instance Storage Not Encrypted | Medium | RDS | DBInstances |
| CSPM-AWS-2024-0109 | Auto Minor Version Upgrade Disabled in the RDS Instance | Medium | RDS | DBInstances |
| CSPM-AWS-2024-0110 | The RDS Instance is Publicly Accessible | Medium | RDS | DBInstances |
| CSPM-AWS-2024-0128 | S3 bucket access logging is not enabled on the CloudTrail S3 bucket | Low | CloudTrail | Trails |
| CSPM-AWS-2024-0147 | S3 bucket access logging is not enabled on the CloudTrail S3 bucket | Low | CloudTrail | Trails |
| CSPM-AWS-2024-0017 | AWS Config Recorders Not Enabled | High | ConfigService | ConfigurationRecorders |
| CSPM-AWS-2024-0162 | Ensure AWS Organizations changes are monitored using CloudWatchLogs | Low | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0167 | In every VPC, VPC flow logging must be enabled | High | EC2 | FlowLog |
| CSPM-AWS-2024-0160 | IAM instance roles are used for AWS resource access from instances | Medium | EC2 | Instances |
| CSPM-AWS-2024-0154 | EFS file systems do not have encryption enabled | High | EFS | FileSystems |
| CSPM-AWS-2024-0010 | CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs) | High | CloudTrail | Trails |
| CSPM-AWS-2024-0149 | CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs) | High | CloudTrail | Trails |
| CSPM-AWS-2024-0164 | At the bucket level, the S3 Block Public Access setting needs to be enabled | High | S3 | Buckets |
| CSPM-AWS-2024-0161 | User without MFA, Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | High | IAM | CredentialReport |
