View Categories

Understand HIPAA HITRUST Global Rules in AWS

Print Friendly, PDF & Email

Interpretation of the Columns in Benchmark Compliance Rules:

Rule ID: A unique identifier for the specific security rule or check

Title: A brief description of the security issue or misconfiguration

Severity — Low to High: Determines the risk of being exposed to attacks

Service Type: The AWS service affected or evaluated by the rule

Resource Type: The specific AWS resource being audited

Rule IDTitleSeverityService TypeResource Type
CSPM-AWS-2024-0068Passwords Expiration Threshold Is Not Configured Or Exceeds The Specified LimitMediumIAMAccountPasswordPolicy
CSPM-AWS-2024-0069The Minimum Password Length for IAM is shortMediumIAMAccountPasswordPolicy
CSPM-AWS-2024-0070
CSPM-AWS-2024-0071Password Policy Does Not Mandate Lowercase CharactersMediumIAMAccountPasswordPolicy
CSPM-AWS-2024-0072Password Policy Does Not Mandate a NumberMediumIAMAccountPasswordPolicy
CSPM-AWS-2024-0073Password Policy Does Not Mandate a SymbolMediumIAMAccountPasswordPolicy
CSPM-AWS-2024-0074Password Policy Does Not Mandate Uppercase CharactersMediumIAMAccountPasswordPolicy
CSPM-AWS-2024-0075Password Policy Allows Reuse of PasswordsMediumIAMAccountPasswordPolicy
CSPM-AWS-2024-0088User Holding Multiple API KeysCriticalIAMAccessKey
CSPM-AWS-2024-0089User with Enabled Keys and PasswordCriticalIAMAccessKey
CSPM-AWS-2024-0091User without MFACriticalIAMUsers
CSPM-AWS-2024-0501Ensure Existence of IAM UsersHighIAMUser
CSPM-AWS-2024-0514Enable Termination Protection for CloudFormation StacksHighCloudFormationStack
CSPM-AWS-2024-0092Rotation disabled for KMS Symmetric Customer Master Keys (CMKs)CriticalKMSKeys