Benchmark | Rule ID | Title | Service Type | Resource Type |
---|---|---|---|---|
NIST_800_53_rev_5 | CSPM-AWS-2024-0004 | Clear-Text Origin, a potential to expose sensitive data in AWS CloudFront Content Distributions | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0005 | Insecure Origin TLS/SSL, a potential to expose sensitive data in AWS CloudFront Content Distributions | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0008 | Trail lacks integration with CloudWatch | CloudTrail | Trails |
NIST_800_53_rev_5 | CSPM-AWS-2024-0012 | CloudTrail Log File Validation is Disabled | CloudTrail | Trails |
NIST_800_53_rev_5 | CSPM-AWS-2024-0016 | CloudWatch Alarm without Action | CloudWatch | Alarm |
NIST_800_53_rev_5 | CSPM-AWS-2024-0020 | Non-empty Default Security Group Rulesets | EC2 | SecurityGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0022 | Publicly Accessible EBS Snapshot | EC2 | Snapshots |
NIST_800_53_rev_5 | CSPM-AWS-2024-0023 | Unencrypted EBS Volume irrespective of its state | EC2 | Volumes |
NIST_800_53_rev_5 | CSPM-AWS-2024-0027 | EC2 Instance is Assigned a Public IP Address | EC2 | Instances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0033-08 | Security Group Allows Unrestricted Access through “SSH” Well-Known Port | EC2 | SecurityGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0043 | Elastic Load Balancer (ELB) Allows Clear Text (HTTP) Communication | ElasticLoadBalancing | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0044 | Absence of Elastic Load Balancer (ELB) Access Logs | ElasticLoadBalancing | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0045 | An Old SSL/TLS Policy Detected | ElasticLoadBalancing | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0046 | Drop Invalid Header Fields Disabled | ElasticLoadBalancingv2 | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0048 | Lack of ELBv2 Access Logs | ElasticLoadBalancingv2 | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0068 | Passwords Expiration Threshold Is Not Configured Or Exceeds The Specified Limit | IAM | AccountPasswordPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0069 | The Minimum Password Length for IAM is Short. | IAM | AccountPasswordPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0070 | Password Expiration Disabled | IAM | AccountPasswordPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0071 | Password Policy Does Not Mandate Lowercase Characters | IAM | AccountPasswordPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0072 | Password Policy Does Not Mandate a Number | IAM | AccountPasswordPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0073 | Password Policy Does Not Mandate a Symbol | IAM | AccountPasswordPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0074 | Password Policy Does Not Mandate Uppercase Characters | IAM | AccountPasswordPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0075 | Password Policy Allows Reuse of Passwords | IAM | AccountPasswordPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0077 | No Hardware MFA for Root Account | IAM | CredentialReport |
NIST_800_53_rev_5 | CSPM-AWS-2024-0078 | No MFA for Root Account | IAM | CredentialReport |
NIST_800_53_rev_5 | CSPM-AWS-2024-0084 | Inadequate Key Rotation for 90 Days | IAM | AccessKey |
NIST_800_53_rev_5 | CSPM-AWS-2024-0091 | User without MFA | IAM | Users |
NIST_800_53_rev_5 | CSPM-AWS-2024-0092 | Rotation disabled for KMS Symmetric Customer Master Keys (CMKs) | KMS | Keys |
NIST_800_53_rev_5 | CSPM-AWS-2024-0107 | RDS Instance Backup Disabled | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0109 | Auto Minor Version Upgrade Disabled in the RDS Instance | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0110 | The RDS Instance is Publicly Accessible | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0112 | Single-AZ RDS Instance lacks the automatic failover capability | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0116 | Publicly Accessible RDS DB Snapshot | RDS | DBSnapshot |
NIST_800_53_rev_5 | CSPM-AWS-2024-0117 | Redshift data in the cluster is not encrypted at rest | Redshift | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0118 | Redshift Cluster Version Upgrade is Disabled | Redshift | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0119 | Redshift Cluster is Publicly accessible | Redshift | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0120 | Disabled User Activity Logging for Redshift Cluster | Redshift | ParameterGroup |
NIST_800_53_rev_5 | CSPM-AWS-2024-0128 | Logging of S3 bucket Access is Disabled | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0129 | S3 Bucket without Multi-Factor Authentication (MFA) Delete | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0130 | S3 Bucket has No Versioning | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0138 | SQS Queue Server with Disabled Encryption | SQS | Queue |
NIST_800_53_rev_5 | CSPM-AWS-2024-0148 | CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events | CloudTrail | Trails |
NIST_800_53_rev_5 | CSPM-AWS-2024-0149 | Encryption should be enabled at-rest in CloudTrail. | CloudTrail | Trails |
NIST_800_53_rev_5 | CSPM-AWS-2024-0151 | Enable Amazon EBS encryption by default for your account in the current region. | EC2 | Volumes |
NIST_800_53_rev_5 | CSPM-AWS-2024-0152 | Ensure that only IMDSv2 is permitted by EC2 Metadata Service. | EC2 | Instances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0159 | IAM Managed policies should not allow full “*” administrative privileges | IAM | Policies |
NIST_800_53_rev_5 | CSPM-AWS-2024-0161 | Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | IAM | CredentialReport |
NIST_800_53_rev_5 | CSPM-AWS-2024-0164 | At the bucket level, the S3 Block Public Access setting needs to be enabled. | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0165 | Enabling the S3 Block Public Access setting is necessary. | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0167 | VPC flow logging must be enabled in every VPC. | EC2 | FlowLog |
NIST_800_53_rev_5 | CSPM-AWS-2024-0169 | Verify that there are no active access keys associated with the root user account | IAM | AccountSummary |
NIST_800_53_rev_5 | CSPM-AWS-2024-0171 | Security contact information should be provided for an AWS account. | Account | ContactInformation |
NIST_800_53_rev_5 | CSPM-AWS-2024-0172 | AWS account should be part of an AWS Organizations organization | Account | Organizations |
NIST_800_53_rev_5 | CSPM-AWS-2024-0173 | API Gateway REST and WebSocket API execution logging should be enabled | APIGateway | Stages |
NIST_800_53_rev_5 | CSPM-AWS-2024-0174 | API Gateway REST API stages should be configured to use SSL certificates for backend authentication | APIGateway | Stages |
NIST_800_53_rev_5 | CSPM-AWS-2024-0175 | API Gateway REST API stages should have AWS X-Ray tracing enabled | APIGateway | Stages |
NIST_800_53_rev_5 | CSPM-AWS-2024-0176 | API Gateway should be associated with a WAF Web ACL | APIGateway | Stages |
NIST_800_53_rev_5 | CSPM-AWS-2024-0177 | API Gateway REST API cache data should be encrypted at rest | APIGateway | Stages |
NIST_800_53_rev_5 | CSPM-AWS-2024-0178 | API Gateway routes should specify an authorization type | APIGateway | Stages |
NIST_800_53_rev_5 | CSPM-AWS-2024-0179 | Access logging should be configured for API Gateway V2 Stages | APIGateway | Stages |
NIST_800_53_rev_5 | CSPM-AWS-2024-0180 | AWS AppSync GraphQL APIs should not be authenticated with API keys | AppSync | AppSync Graphql APIs |
NIST_800_53_rev_5 | CSPM-AWS-2024-0182 | Amazon EC2 Auto Scaling group should cover multiple Availability Zones | AutoScaling | AutoScalingGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0183 | Auto Scaling group launch configurations should configure EC2 instances to require Instance Metadata Service Version 2 (IMDSv2) | AutoScaling | LaunchConfigurations |
NIST_800_53_rev_5 | CSPM-AWS-2024-0184 | Amazon EC2 instances launched using Auto Scaling group launch configurations should not have Public IP addresses | AutoScaling | LaunchConfigurations |
NIST_800_53_rev_5 | CSPM-AWS-2024-0185 | Auto Scaling groups should use multiple instance types in multiple Availability Zones | AutoScaling | AutoScalingGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0186 | EC2 Auto Scaling groups should use EC2 launch templates | AutoScaling | AutoScalingGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0187 | AWS Backup recovery points should be encrypted at rest | Backup | BackupRecoveryPoints |
NIST_800_53_rev_5 | CSPM-AWS-2024-0188 | CloudFront distributions should have a default root object configured | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0189 | CloudFront distributions should not point to non-existent S3 origins | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0190 | CloudFront distributions should have origin failover configured | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0191 | CloudFront distributions should have logging enabled | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0192 | CloudFront distributions should have WAF enabled | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0193 | CloudFront distributions should use custom SSL/TLS certificates | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0194 | CloudFront distributions should use SNI to serve HTTPS requests | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0195 | CloudFront distributions should encrypt traffic to custom origins | CloudFront | Distributions |
NIST_800_53_rev_5 | CSPM-AWS-2024-0197 | CloudWatch log groups should be retained for a specified time period | CloudWatch | CloudWatchLogGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0200 | CodeBuild S3 logs should be encrypted | CodeBuild | CodeBuildS3Logs |
NIST_800_53_rev_5 | CSPM-AWS-2024-0201 | CodeBuild project environments should have a logging configuration | CodeBuild | CodeBuildProject |
NIST_800_53_rev_5 | CSPM-AWS-2024-0202 | AWS Config should be enabled | Config | ConfigurationRecorder |
NIST_800_53_rev_5 | CSPM-AWS-2024-0203 | Firehose delivery streams should be encrypted at rest | DataFirehose | DeliveryStream |
NIST_800_53_rev_5 | CSPM-AWS-2024-0204 | Database Migration Service replication instances should not be public | DMS | ReplicationInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0205 | DMS endpoints for Neptune databases should have IAM authorization enabled | DMS | DMSEndpoints |
NIST_800_53_rev_5 | CSPM-AWS-2024-0206 | DMS endpoints for MongoDB should have an authentication mechanism enabled | DMS | DMSEndpoints |
NIST_800_53_rev_5 | CSPM-AWS-2024-0207 | DMS endpoints for Redis should have TLS enabled | DMS | DMSEndpoints |
NIST_800_53_rev_5 | CSPM-AWS-2024-0208 | DMS replication instances should have automatic minor version upgrade enabled | DMS | ReplicationInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0209 | DMS replication tasks for the target database should have logging enabled | DMS | ReplicationTasks |
NIST_800_53_rev_5 | CSPM-AWS-2024-0210 | DMS replication tasks for the source database should have logging enabled | DMS | ReplicationTasks |
NIST_800_53_rev_5 | CSPM-AWS-2024-0211 | DMS endpoints should use SSL | DMS | DMSEndpoints |
NIST_800_53_rev_5 | CSPM-AWS-2024-0212 | Amazon DocumentDB clusters should be encrypted at rest | DocumentDB | DocumentDBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0213 | Amazon DocumentDB clusters should have an adequate backup retention period | DocumentDB | DocumentDBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0214 | Amazon DocumentDB manual cluster snapshots should not be public | DocumentDB | DocumentDBManualCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0215 | Amazon DocumentDB clusters should publish audit logs to CloudWatch Logs | DocumentDB | DocumentDBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0216 | Amazon DocumentDB clusters should have deletion protection enabled | DocumentDB | DocumentDBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0217 | DynamoDB tables should automatically scale capacity with demand | DynamoDB | DynamoDBTable |
NIST_800_53_rev_5 | CSPM-AWS-2024-0218 | DynamoDB tables should have point-in-time recovery enabled | DynamoDB | DynamoDBTable |
NIST_800_53_rev_5 | CSPM-AWS-2024-0219 | DynamoDB Accelerator (DAX) clusters should be encrypted at rest | DynamoDB | DAXCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0220 | DynamoDB tables should be present in a backup plan | DynamoDB | DynamoDBTable |
NIST_800_53_rev_5 | CSPM-AWS-2024-0221 | DynamoDB tables should have deletion protection enabled | DynamoDB | DynamoDBTable |
NIST_800_53_rev_5 | CSPM-AWS-2024-0222 | DynamoDB Accelerator clusters should be encrypted in transit | DynamoDB | DAXCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0224 | Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service | EC2 | Instances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0225 | Unused EC2 EIPs should be removed | EC2 | Addresses |
NIST_800_53_rev_5 | CSPM-AWS-2024-0226 | EC2 subnets should not automatically assign public IP addresses | EC2 | Subnet |
NIST_800_53_rev_5 | CSPM-AWS-2024-0227 | Unused Network Access Control Lists should be removed | EC2 | NetworkAcls |
NIST_800_53_rev_5 | CSPM-AWS-2024-0228 | EC2 instances should not use multiple ENIs | EC2 | Instances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0229 | Security groups should only allow unrestricted incoming traffic for authorized ports | EC2 | SecurityGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0230 | Both VPN tunnels for an AWS Site-to-Site VPN connection should be up | EC2 | VPCConnections |
NIST_800_53_rev_5 | CSPM-AWS-2024-0231 | EC2 Transit Gateways should not automatically accept VPC attachment requests | EC2 | TransitGateway |
NIST_800_53_rev_5 | CSPM-AWS-2024-0232 | EC2 paravirtual instance types should not be used | EC2 | Instances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0233 | EC2 launch templates should not assign public IPs to network interfaces | EC2 | LaunchTemplate |
NIST_800_53_rev_5 | CSPM-AWS-2024-0234 | EBS volumes should be in a backup plan | Backup | BackupSelection |
NIST_800_53_rev_5 | CSPM-AWS-2024-0236 | Stopped EC2 instances should be removed after a specified time period | EC2 | Instances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0237 | EC2 Client VPN endpoints should have client connection logging enabled | EC2 | ClientVPNEndpoint |
NIST_800_53_rev_5 | CSPM-AWS-2024-0238 | ECR private repositories should have image scanning configured | ECR | Repository |
NIST_800_53_rev_5 | CSPM-AWS-2024-0239 | ECR private repositories should have tag immutability configured | ECR | Repository |
NIST_800_53_rev_5 | CSPM-AWS-2024-0240 | ECR repositories should have at least one lifecycle policy configured | ECR | Repository |
NIST_800_53_rev_5 | CSPM-AWS-2024-0241 | Amazon ECS task definitions should have secure networking modes and user definitions | ECS | TaskDefinition |
NIST_800_53_rev_5 | CSPM-AWS-2024-0242 | ECS Fargate services should run on the latest Fargate platform version | ECS | Service |
NIST_800_53_rev_5 | CSPM-AWS-2024-0243 | ECS clusters should use Container Insights | ECS | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0244 | ECS services should not have public IP addresses assigned to them automatically | ECS | Service |
NIST_800_53_rev_5 | CSPM-AWS-2024-0245 | ECS task definitions should not share the host’s process namespace | ECS | TaskDefinition |
NIST_800_53_rev_5 | CSPM-AWS-2024-0246 | ECS containers should run as non-privileged | ECS | TaskDefinition |
NIST_800_53_rev_5 | CSPM-AWS-2024-0247 | ECS containers should be limited to read-only access to root filesystems | ECS | TaskDefinition |
NIST_800_53_rev_5 | CSPM-AWS-2024-0248 | Secrets should not be passed as container environment variables | ECS | TaskDefinition |
NIST_800_53_rev_5 | CSPM-AWS-2024-0249 | ECS task definitions should have a logging configuration | ECS | TaskDefinition |
NIST_800_53_rev_5 | CSPM-AWS-2024-0250 | Elastic File System should be configured to encrypt file data at-rest using AWS KMS | EFS | FileSystems |
NIST_800_53_rev_5 | CSPM-AWS-2024-0251 | Amazon EFS volumes should be in backup plans | Backup | BackupSelection |
NIST_800_53_rev_5 | CSPM-AWS-2024-0252 | EFS access points should enforce a root directory | EFS | AccessPoint |
NIST_800_53_rev_5 | CSPM-AWS-2024-0253 | EFS access points should enforce a user identity | EFS | AccessPoint |
NIST_800_53_rev_5 | CSPM-AWS-2024-0254 | EKS clusters should run on a supported Kubernetes version | EKS | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0255 | ElastiCache Redis clusters should have automatic backup enabled | ElastiCache | CacheClusters |
NIST_800_53_rev_5 | CSPM-AWS-2024-0256 | ElastiCache for Redis cache clusters should have auto minor version upgrades enabled | ElastiCache | CacheClusters |
NIST_800_53_rev_5 | CSPM-AWS-2024-0257 | ElastiCache replication groups should have automatic failover enabled | ElastiCache | ReplicationGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0258 | ElastiCache replication groups should have encryption-at-rest enabled | ElastiCache | ReplicationGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0259 | ElastiCache replication groups should have encryption-in-transit enabled | ElastiCache | ReplicationGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0260 | ElastiCache for Redis replication groups before version 6.0 should use Redis AUTH | ElastiCache | ReplicationGroups |
NIST_800_53_rev_5 | CSPM-AWS-2024-0261 | ElastiCache clusters should not use the default subnet group | ElastiCache | CacheClusters |
NIST_800_53_rev_5 | CSPM-AWS-2024-0262 | Elastic Beanstalk environments should have enhanced health reporting enabled | ElasticBeanstalk | Environment |
NIST_800_53_rev_5 | CSPM-AWS-2024-0263 | Elastic Beanstalk managed platform updates should be enabled | ElasticBeanstalk | Environment |
NIST_800_53_rev_5 | CSPM-AWS-2024-0264 | Application Load Balancer should be configured to redirect all HTTP requests to HTTPS | ELBv2 | ApplicationLoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0265 | Classic Load Balancer should span multiple Availability Zones | ELB | LoadBalancers |
NIST_800_53_rev_5 | CSPM-AWS-2024-0266 | Application Load Balancer should be configured with defensive or strictest desync mitigation mode | ELBv2 | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0267 | Application, Network and Gateway Load Balancers should span multiple Availability Zones | ELBv2 | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0268 | Classic Load Balancer should be configured with defensive or strictest desync mitigation mode | ELB | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0269 | Application Load Balancers should be associated with an AWS WAF web ACL | WAFv2 | ApplicationLoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0270 | Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Manager | ELB | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0271 | Classic Load Balancers should have connection draining enabled | ELB | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0273 | Classic Load Balancers should have cross-zone load balancing enabled | ELB | LoadBalancer |
NIST_800_53_rev_5 | CSPM-AWS-2024-0274 | Amazon EMR cluster primary nodes should not have public IP addresses | EMR | EMRCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0275 | Amazon EMR block public access setting should be enabled | EMR | EMRCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0276 | Elasticsearch domains should have encryption at-rest enabled | ES | ElasticSearchDomain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0277 | Elasticsearch domains should not be publicly accessible | ES | ElasticSearchDomain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0278 | Elasticsearch domains should encrypt data sent between nodes | ES | ElasticSearchDomain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0279 | Elasticsearch domain error logging to CloudWatch Logs should be enabled | ES | ElasticSearchDomain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0280 | Elasticsearch domains should have audit logging enabled | ES | ElasticSearchDomain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0281 | Elasticsearch domains should have at least three data nodes | ES | ElasticSearchDomain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0282 | Elasticsearch domains should be configured with at least three dedicated master nodes | ES | ElasticSearchDomain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0283 | Connections to Elasticsearch domains should be encrypted using the latest TLS security policy | ES | ElasticSearchDomain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0284 | EventBridge custom event buses should have a resource-based policy attached | EventBridge | EventBus |
NIST_800_53_rev_5 | CSPM-AWS-2024-0285 | EventBridge global endpoints should have event replication enabled | EventBridge | Endpoint |
NIST_800_53_rev_5 | CSPM-AWS-2024-0286 | FSx for OpenZFS file systems should be configured to copy tags to backups and volumes | FSx | FileSystem |
NIST_800_53_rev_5 | CSPM-AWS-2024-0287 | FSx for Lustre file systems should be configured to copy tags to backups | FSx | FileSystem |
NIST_800_53_rev_5 | CSPM-AWS-2024-0288 | GuardDuty should be enabled | GuardDuty | Account |
NIST_800_53_rev_5 | CSPM-AWS-2024-0289 | IAM customer managed policies that you create should not allow wildcard actions for services | IAM | Policy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0290 | Kinesis streams should be encrypted at rest | Kinesis | Stream |
NIST_800_53_rev_5 | CSPM-AWS-2024-0291 | IAM customer managed policies should not allow decryption actions on all KMS keys | KMS | Policy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0293 | AWS KMS keys should not be deleted unintentionally | KMS | Key |
NIST_800_53_rev_5 | CSPM-AWS-2024-0294 | Lambda function policies should prohibit public access | Lambda | LambdaFunction |
NIST_800_53_rev_5 | CSPM-AWS-2024-0295 | Lambda functions should use supported runtimes | Lambda | LambdaFunction |
NIST_800_53_rev_5 | CSPM-AWS-2024-0296 | Lambda functions should be in a VPC | Lambda | LambdaFunction |
NIST_800_53_rev_5 | CSPM-AWS-2024-0298 | Macie should be enabled | Macie | Session |
NIST_800_53_rev_5 | CSPM-AWS-2024-0299 | Macie automated sensitive data discovery should be enabled | Macie | Account |
NIST_800_53_rev_5 | CSPM-AWS-2024-0300 | ActiveMQ brokers should stream audit logs to CloudWatch | MQ | Broker |
NIST_800_53_rev_5 | CSPM-AWS-2024-0301 | Amazon MQ brokers should have automatic minor version upgrade enabled | MQ | Broker |
NIST_800_53_rev_5 | CSPM-AWS-2024-0302 | ActiveMQ brokers should use active/standby deployment mode | MQ | Broker |
NIST_800_53_rev_5 | CSPM-AWS-2024-0303 | RabbitMQ brokers should use cluster deployment mode | MQ | Broker |
NIST_800_53_rev_5 | CSPM-AWS-2024-0304 | MSK clusters should be encrypted in transit among broker nodes | MSK | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0305 | MSK clusters should have enhanced monitoring configured | MSK | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0306 | Neptune DB clusters should be encrypted at rest | Neptune | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0307 | Neptune DB clusters should publish audit logs to CloudWatch Logs | Neptune | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0308 | Neptune DB cluster snapshots should not be public | Neptune | DBClusterSnapshot |
NIST_800_53_rev_5 | CSPM-AWS-2024-0309 | Neptune DB clusters should have deletion protection enabled | Neptune | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0310 | Neptune DB clusters should have automated backups enabled | Neptune | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0311 | Neptune DB cluster snapshots should be encrypted at rest | Neptune | DBClusterSnapshot |
NIST_800_53_rev_5 | CSPM-AWS-2024-0312 | Neptune DB clusters should have IAM database authentication enabled | Neptune | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0313 | Neptune DB clusters should be configured to copy tags to snapshots | Neptune | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0314 | Neptune DB clusters should be deployed across multiple Availability Zones | Neptune | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0315 | Network Firewall firewalls should be deployed across multiple Availability Zones | NetworkFirewall | Firewall |
NIST_800_53_rev_5 | CSPM-AWS-2024-0316 | Network Firewall logging should be enabled | NetworkFirewall | LoggingConfiguration |
NIST_800_53_rev_5 | CSPM-AWS-2024-0317 | Network Firewall policies should have at least one rule group associated | NetworkFirewall | FirewallPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0318 | The default stateless action for Network Firewall policies should be drop or forward for full packets | NetworkFirewall | FirewallPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0319 | The default stateless action for Network Firewall policies should be drop or forward for fragmented packets | NetworkFirewall | FirewallPolicy |
NIST_800_53_rev_5 | CSPM-AWS-2024-0320 | Stateless network firewall rule group should not be empty | NetworkFirewall | RuleGroup |
NIST_800_53_rev_5 | CSPM-AWS-2024-0321 | Network Firewall firewalls should have deletion protection enabled | NetworkFirewall | Firewall |
NIST_800_53_rev_5 | CSPM-AWS-2024-0322 | OpenSearch domains should have encryption at rest enabled | Opensearch | Domain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0323 | OpenSearch domains should have the latest software update installed | Opensearch | Domain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0324 | OpenSearch domains should have at least three dedicated primary nodes | Opensearch | Domain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0325 | OpenSearch domains should not be publicly accessible | Opensearch | Domain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0326 | OpenSearch domains should encrypt data sent between nodes | Opensearch | Domain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0328 | OpenSearch domains should have audit logging enabled | Opensearch | Domain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0329 | OpenSearch domains should have at least three data nodes | Opensearch | Domain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0330 | OpenSearch domains should have fine-grained access control enabled | Opensearch | Domain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0331 | Connections to OpenSearch domains should be encrypted using the latest TLS security policy | Opensearch | Domain |
NIST_800_53_rev_5 | CSPM-AWS-2024-0332 | AWS Private CA root certificate authority should be disabled | PCA | CertificateAuthority |
NIST_800_53_rev_5 | CSPM-AWS-2024-0333 | IAM authentication should be configured for RDS instances | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0334 | IAM authentication should be configured for RDS clusters | RDS | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0335 | Amazon Aurora clusters should have backtracking enabled | RDS | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0336 | RDS DB clusters should be configured for multiple Availability Zones | RDS | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0337 | RDS DB clusters should be configured to copy tags to snapshots | RDS | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0338 | RDS DB instances should be configured to copy tags to snapshots | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0339 | RDS instances should be deployed in a VPC | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0340 | Existing RDS event notification subscriptions should be configured for critical cluster events | RDS | EventSubscription |
NIST_800_53_rev_5 | CSPM-AWS-2024-0341 | Existing RDS event notification subscriptions should be configured for critical database instance events | RDS | EventSubscription |
NIST_800_53_rev_5 | CSPM-AWS-2024-0342 | An RDS event notifications subscription should be configured for critical database parameter group events | RDS | EventSubscription |
NIST_800_53_rev_5 | CSPM-AWS-2024-0343 | An RDS event notifications subscription should be configured for critical database security group events | RDS | EventSubscription |
NIST_800_53_rev_5 | CSPM-AWS-2024-0344 | RDS instances should not use a database engine default port | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0345 | RDS Database Clusters should use a custom administrator username | RDS | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0346 | RDS database instances should use a custom administrator username | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0347 | RDS DB instances should be protected by a backup plan | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0348 | RDS DB clusters should be encrypted at rest | RDS | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0349 | RDS DB instances should have encryption at-rest enabled | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0350 | Aurora MySQL DB clusters should publish audit logs to CloudWatch Logs | RDS | DBClusters |
NIST_800_53_rev_5 | CSPM-AWS-2024-0351 | RDS DB clusters should have automatic minor version upgrade enabled | RDS | DBCluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0352 | RDS cluster snapshots and database snapshots should be encrypted at rest | RDS | DBSnapshots |
NIST_800_53_rev_5 | CSPM-AWS-2024-0353 | Enhanced monitoring should be configured for RDS DB instances | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0354 | RDS clusters should have deletion protection enabled | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0355 | RDS DB instances should have deletion protection enabled | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0356 | RDS DB instances should publish logs to CloudWatch Logs | RDS | DBInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0357 | Connections to Amazon Redshift clusters should be encrypted in transit | Redshift | Cluster, ClusterParameterGroup |
NIST_800_53_rev_5 | CSPM-AWS-2024-0358 | Amazon Redshift clusters should have automatic snapshots enabled | Redshift | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0359 | Redshift clusters should use enhanced VPC routing | Redshift | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0360 | Amazon Redshift clusters should not use the default Admin username | Redshift | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0361 | Redshift clusters should not use the default database name | Redshift | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-2024-0362 | Route 53 public hosted zones should log DNS queries | Route53 | HostedZone |
NIST_800_53_rev_5 | CSPM-AWS-2024-0363 | S3 general purpose buckets with versioning enabled should have Lifecycle configurations | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0364 | S3 general purpose buckets should have event notifications enabled | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0365 | ACLs should not be used to manage user access to S3 general purpose buckets | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0366 | S3 general purpose buckets should have Lifecycle configurations | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0367 | S3 general purpose buckets should have Object Lock enabled | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0368 | S3 general purpose buckets should be encrypted at rest with AWS KMS keys | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0369 | S3 access points should have block public access settings enabled | S3 | AccessPoint |
NIST_800_53_rev_5 | CSPM-AWS-2024-0370 | S3 general purpose bucket policies should restrict access to other AWS accounts | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0371 | S3 general purpose buckets should use cross-Region replication | S3 | Buckets |
NIST_800_53_rev_5 | CSPM-AWS-2024-0372 | Amazon SageMaker notebook instances should not have direct internet access | SageMaker | NotebookInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0373 | SageMaker notebook instances should be launched in a custom VPC | SageMaker | NotebookInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0374 | Users should not have root access to SageMaker notebook instances | SageMaker | NotebookInstances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0375 | SageMaker endpoint production variants should have an initial instance count greater than 1 | SageMaker | Endpoint |
NIST_800_53_rev_5 | CSPM-AWS-2024-0376 | Secrets Manager secrets should have automatic rotation enabled | SecretsManager | Secret |
NIST_800_53_rev_5 | CSPM-AWS-2024-0377 | Secrets Manager secrets configured with automatic rotation should rotate successfully | SecretsManager | Secret |
NIST_800_53_rev_5 | CSPM-AWS-2024-0379 | Secrets Manager secrets should be rotated within a specified number of days | SecretsManager | Secret |
NIST_800_53_rev_5 | CSPM-AWS-2024-0380 | Service Catalog portfolios should be shared within an AWS organization only | ServiceCatalog | Portfolio |
NIST_800_53_rev_5 | CSPM-AWS-2024-0381 | SNS topics should be encrypted at-rest using AWS KMS | SNS | Topic |
NIST_800_53_rev_5 | CSPM-AWS-2024-0382 | EC2 instances should be managed by AWS Systems Manager | SSM | Instances |
NIST_800_53_rev_5 | CSPM-AWS-2024-0383 | EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installation | SSM | PatchCompliance |
NIST_800_53_rev_5 | CSPM-AWS-2024-0384 | EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT | SSM | AssociationCompliance |
NIST_800_53_rev_5 | CSPM-AWS-2024-0385 | SSM documents should not be public | SSM | Document |
NIST_800_53_rev_5 | CSPM-AWS-2024-0386 | Transfer Family servers should not use FTP protocol for endpoint connection | Transfer | Server |
NIST_800_53_rev_5 | CSPM-AWS-2024-0387 | AWS WAF Classic Global Web ACL logging should be enabled | WAF | WebACL |
NIST_800_53_rev_5 | CSPM-AWS-2024-0388 | AWS WAF web ACLs should have at least one rule or rule group | WAFv2 | WebACL |
NIST_800_53_rev_5 | CSPM-AWS-2024-0389 | AWS WAF web ACL logging should be enabled | WAFv2 | WebACL |
NIST_800_53_rev_5 | CSPM-AWS-2024-0390 | AWS WAF rules should have CloudWatch metrics enabled | WAFv2 | WebACL |
NIST_800_53_rev_5 | CSPM-AWS-2024-0391 | AWS WAF Classic Regional rules should have at least one condition | WAFRegional | Rule |
NIST_800_53_rev_5 | CSPM-AWS-2024-0392 | AWS WAF Classic Regional rule groups should have at least one rule | WAFRegional | RuleGroup |
NIST_800_53_rev_5 | CSPM-AWS-2024-0393 | AWS WAF Classic Regional web ACLs should have at least one rule or rule group | WAFRegional | WebACL |
NIST_800_53_rev_5 | CSPM-AWS-2024-0394 | AWS WAF Classic global rules should have at least one condition | WAF | Rule |
NIST_800_53_rev_5 | CSPM-AWS-2024-0395 | AWS WAF Classic global rule groups should have at least one rule | WAF | RuleGroup |
NIST_800_53_rev_5 | CSPM-AWS-2024-0396 | AWS WAF Classic global web ACLs should have at least one rule or rule group | WAF | WebACL |
NIST_800_53_rev_5 | CSPM-AWS-EKS-2024-0001 | Insufficient Control Plane Logging | EKS | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-EKS-2024-0002 | KMS Encryption Disabled | EKS | Cluster |
NIST_800_53_rev_5 | CSPM-AWS-EKS-2024-0003 | Publicly Accessible API Server | EKS | Cluster |