| Benchmark | Rule ID | Title | Service Type | Resource Type |
|---|---|---|---|---|
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0004 | Clear-Text Origin, a potential to expose sensitive data in AWS CloudFront Content Distributions | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0005 | Insecure Origin TLS/SSL, a potential to expose sensitive data in AWS CloudFront Content Distributions | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0068 | Passwords Expiration Threshold Is Not Configured Or Exceeds The Specified Limit | IAM | AccountPasswordPolicy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0069 | The Minimum Password Length for IAM is Short. | IAM | AccountPasswordPolicy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0070 | Password Expiration Disabled | IAM | AccountPasswordPolicy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0071 | Password Policy Does Not Mandate Lowercase Characters | IAM | AccountPasswordPolicy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0072 | Password Policy Does Not Mandate a Number | IAM | AccountPasswordPolicy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0073 | Password Policy Does Not Mandate a Symbol | IAM | AccountPasswordPolicy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0074 | Password Policy Does Not Mandate Uppercase Characters | IAM | AccountPasswordPolicy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0075 | Password Policy Allows Reuse of Passwords | IAM | AccountPasswordPolicy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0077 | No Hardware MFA for Root Account | IAM | CredentialReport |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0078 | No MFA for Root Account | IAM | CredentialReport |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0084 | Inadequate Key Rotation for 90 Days | IAM | AccessKey |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0091 | User without MFA | IAM | Users |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0159 | IAM Managed policies should not allow full “*” administrative privileges | IAM | Policies |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0161 | Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | IAM | CredentialReport |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0169 | Verify that there are no active access keys associated with the root user account | IAM | AccountSummary |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0171 | Security contact information should be provided for an AWS account. | Account | ContactInformation |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0172 | AWS account should be part of an AWS Organizations organization | Account | Organizations |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0188 | CloudFront distributions should have a default root object configured | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0189 | CloudFront distributions should not point to non-existent S3 origins | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0190 | CloudFront distributions should have origin failover configured | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0191 | CloudFront distributions should have logging enabled | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0192 | CloudFront distributions should have WAF enabled | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0193 | CloudFront distributions should use custom SSL/TLS certificates | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0194 | CloudFront distributions should use SNI to serve HTTPS requests | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0195 | CloudFront distributions should encrypt traffic to custom origins | CloudFront | Distributions |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0269 | Application Load Balancers should be associated with an AWS WAF web ACL | WAFv2 | ApplicationLoadBalancer |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0289 | IAM customer managed policies that you create should not allow wildcard actions for services | IAM | Policy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0291 | IAM customer managed policies should not allow decryption actions on all KMS keys | KMS | Policy |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0362 | Route 53 public hosted zones should log DNS queries | Route53 | HostedZone |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0387 | AWS WAF Classic Global Web ACL logging should be enabled | WAF | WebACL |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0388 | AWS WAF web ACLs should have at least one rule or rule group | WAFv2 | WebACL |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0389 | AWS WAF web ACL logging should be enabled | WAFv2 | WebACL |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0390 | AWS WAF rules should have CloudWatch metrics enabled | WAFv2 | WebACL |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0391 | AWS WAF Classic Regional rules should have at least one condition | WAFRegional | Rule |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0392 | AWS WAF Classic Regional rule groups should have at least one rule | WAFRegional | RuleGroup |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0393 | AWS WAF Classic Regional web ACLs should have at least one rule or rule group | WAFRegional | WebACL |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0394 | AWS WAF Classic global rules should have at least one condition | WAF | Rule |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0395 | AWS WAF Classic global rule groups should have at least one rule | WAF | RuleGroup |
| NIST_800_53_rev_5_Global | CSPM-AWS-2024-0396 | AWS WAF Classic global web ACLs should have at least one rule or rule group | WAF | WebACL |
