View Categories

Implementing CIS 3 0 0 Regional in AWS

Print Friendly, PDF & Email
BenchmarkRule IDTitleService TypeResource Type
CIS_3_0_0_RegionalCSPM-AWS-2024-0009CloudTrail Data Events Logging Not ConfiguredCloudTrailTrails
CIS_3_0_0_RegionalCSPM-AWS-2024-0009CloudTrail Data Events Logging Not ConfiguredCloudTrailTrails
CIS_3_0_0_RegionalCSPM-AWS-2024-0010CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs).CloudTrailTrails
CIS_3_0_0_RegionalCSPM-AWS-2024-0012CloudTrail Log File Validation is DisabledCloudTrailTrails
CIS_3_0_0_RegionalCSPM-AWS-2024-0017AWS Config Recorders Not EnabledConfigServiceConfigurationRecorders
CIS_3_0_0_RegionalCSPM-AWS-2024-0020Non-empty Default Security Group RulesetsEC2SecurityGroups
CIS_3_0_0_RegionalCSPM-AWS-2024-0023Unencrypted EBS Volume irrespective of its stateEC2Volumes
CIS_3_0_0_RegionalCSPM-AWS-2024-0092Rotation disabled for KMS Symmetric Customer Master Keys (CMKs)KMSKeys
CIS_3_0_0_RegionalCSPM-AWS-2024-0093No CloudWatch Alarm Monitoring for “AWS Configuration Changes”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0094No CloudWatch Alarm Monitoring for “CloudTrail Configuration Changes”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0095No CloudWatch Alarm for “Disabled or Deleted Master Keys”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0096No CloudWatch Alarm for “Failed Console Authentications”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0097No CloudWatch Alarm for “IAM Policy Changes”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0098No CloudWatch Alarm for “Network Access Control Lists Changes”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0099No CloudWatch Alarm for “Network Gateways Changes”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0100No CloudWatch Alarm for “Root Account Usage”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0101No CloudWatch Alarm for “Route Table Changes”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0102No CloudWatch Alarm for “S3 Bucket Policy Changes”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0103No CloudWatch Alarm for “Console Logins without MFA”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0104No CloudWatch Alarm for”Console Logins without MFA”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0105No CloudWatch Alarm for “Unauthorized API Calls”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0106No CloudWatch Alarm for “VPC Changes”CloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0109Auto Minor Version Upgrade Disabled in the RDS InstanceRDSDBInstances
CIS_3_0_0_RegionalCSPM-AWS-2024-0110The RDS Instance is Publicly AccessibleRDSDBInstances
CIS_3_0_0_RegionalCSPM-AWS-2024-0113RDS Instance Storage Not EncryptedRDSDBInstances
CIS_3_0_0_RegionalCSPM-AWS-2024-0129S3 Bucket without Multi-Factor Authentication (MFA) DeleteS3Buckets
CIS_3_0_0_RegionalCSPM-AWS-2024-0143VPC Routing Table fails to Maintain High Selectivity in PeeringEC2RouteTable
CIS_3_0_0_RegionalCSPM-AWS-2024-0147S3 bucket access logging is not enabled on the CloudTrail S3 bucketCloudTrailTrails
CIS_3_0_0_RegionalCSPM-AWS-2024-0148CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management eventsCloudTrailTrails
CIS_3_0_0_RegionalCSPM-AWS-2024-0152Ensure that only IMDSv2 is permitted by EC2 Metadata Service.EC2Instances
CIS_3_0_0_RegionalCSPM-AWS-2024-0154EFS file systems do not have encryption enabled.EFSFileSystems
CIS_3_0_0_RegionalCSPM-AWS-2024-0155Ensure that IAM Access analyzer is enabled for all regionsAccessAnalyzerAnalyzer
CIS_3_0_0_RegionalCSPM-AWS-2024-0160IAM instance roles are used for AWS resource access from instancesEC2Instances
CIS_3_0_0_RegionalCSPM-AWS-2024-0162Ensure AWS Organizations changes are monitored using CloudWatchLogsCloudWatchLogsMetricFilter
CIS_3_0_0_RegionalCSPM-AWS-2024-0164At the bucket level, the S3 Block Public Access setting needs to be enabled.S3Buckets
CIS_3_0_0_RegionalCSPM-AWS-2024-0166Ensure AWS Security Hub is enabledSecurityHubHub
CIS_3_0_0_RegionalCSPM-AWS-2024-0167In every VPC, VPC flow logging is must to be enabled.EC2FlowLog