Interpretation of the Columns in Benchmark Compliance Rules:

- Rule ID: A unique identifier for the specific security rule or check.
- Title: A brief description of the security issue or misconfiguration.
- Severity (Low to High): Indicates the level of risk of exposure to attacks.
- Service Type: The AWS service affected or evaluated by the rule.
- Resource Type: The specific AWS resource being audited.
| Rule ID | Title | Severity | Service Type | Resource Type |
|---|---|---|---|---|
| CSPM-AWS-2024-0008 | Trails lack integration with CloudWatch | Low | CloudTrail | Trails |
| CSPM-AWS-2024-0012 | CloudTrail log file validation is disabled | Low | CloudTrail | Trails |
| CSPM-AWS-2024-0022 | Publicly accessible EBS snapshot | Critical | EC2 | Snapshots |
| CSPM-AWS-2024-0092 | Rotation disabled for KMS symmetric Customer Master Keys (CMKs) | Medium | KMS | Keys |
| CSPM-AWS-2024-0119 | Redshift cluster is publicly accessible | Critical | Redshift | Cluster |
| CSPM-AWS-2024-0167 | Flow logging must be enabled in every VPC | Medium | VPC | FlowLog |
| CSPM-AWS-2024-0225 | Unused EC2 Elastic IPs (EIPs) should be removed | Low | EC2 | Addresses |
| CSPM-AWS-2024-0322 | OpenSearch domains should have encryption at rest enabled | Medium | OpenSearch | Domain |
| CSPM-AWS-2024-0372 | Amazon SageMaker notebook instances should not have direct internet access | High | SageMaker | NotebookInstances |