| Rule ID | Title | Service Type | Resource Type |
|---|---|---|---|
| CSPM-AWS-2024-0002 | ACM Certificate with Transparency Logging Set to Disabled | ACM | ACM Certificate |
| CSPM-AWS-2024-0008 | Trails lacks integration with CloudWatch | CloudTrail | Trails |
| CSPM-AWS-2024-0009 | CloudTrail Data Events Logging Not Configured | CloudTrail | Trails |
| CSPM-AWS-2024-0010 | CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs). | CloudTrail | Trails |
| CSPM-AWS-2024-0011 | Logging for Global services is Disabled for Trail | CloudTrail | Trails |
| CSPM-AWS-2024-0012 | CloudTrail Log File Validation is Disabled | CloudTrail | Trails |
| CSPM-AWS-2024-0013 | Logging Disabled for Trails | CloudTrail | Trails |
| CSPM-AWS-2024-0014 | CloudTrail Service Not Configured | CloudTrail | Trails |
| CSPM-AWS-2024-0015 | Configuration of CloudTrail Data Logging does not include all Resources | CloudTrail | EventSelector |
| CSPM-AWS-2024-0016 | CloudWatch Alarm without Action | CloudWatch | Alarm |
| CSPM-AWS-2024-0017 | AWS Config Recorders Not Enabled | ConfigService | ConfigurationRecorders |
| CSPM-AWS-2024-0018 | AMIs are Publicly Accessible | EC2 | Images |
| CSPM-AWS-2024-0019 | Use of Default Security Groups | EC2 | Instances |
| CSPM-AWS-2024-0020 | Non-empty Default Security Group Rulesets | EC2 | SecurityGroups |
| CSPM-AWS-2024-0021 | Unencrypted EBS Snapshot | EC2 | Snapshots |
| CSPM-AWS-2024-0022 | Publicly Accessible EBS Snapshot | EC2 | Snapshots |
| CSPM-AWS-2024-0023 | Unencrypted EBS Volume irrespective of its state | EC2 | Volumes |
| CSPM-AWS-2024-0024 | EC2 Instance Belongs to Specific Security Group | EC2 | Instances |
| CSPM-AWS-2024-0026 | Use of Restricted Instances Types | EC2 | Instances |
| CSPM-AWS-2024-0027 | EC2 Instance is Assigned a Public IP Address | EC2 | Instances |
| CSPM-AWS-2024-0029 | EC2 Security Group Allows Access to All Ports | EC2 | SecurityGroups |
| CSPM-AWS-2024-0032 | All ICMP Traffic Permitted by EC2 Security Group | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-01 | Security Group Allows Unrestricted Access through “MySQL” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-02 | Security Group Allows Unrestricted Access through “DNS” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-03 | Security Group Allows Unrestricted Access through “MongoDB” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-04 | Security Group Allows Unrestricted Access through “MsSQL” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-05 | Security Group Allows Unrestricted Access through “Oracle DB” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-06 | Security Group Allows Unrestricted Access through “PostgreSQL” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-07 | Security Group Allows Unrestricted Access through “RDP” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-08 | Security Group Allows Unrestricted Access through “SSH” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-09 | Security Group Allows Unrestricted Access through “NFS” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-10 | Security Group Allows Unrestricted Access through “SMTP” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0034-01 | Security Group Allows Access through Port FTP | EC2 | SecurityGroups |
| CSPM-AWS-2024-0034-02 | Security Group Allows Access through Port Telnet | EC2 | SecurityGroups |
| CSPM-AWS-2024-0042 | Unused Security Group | EC2 | SecurityGroups |
| CSPM-AWS-2024-0043 | Elastic Load Balancer (ELB) Allows Clear Text (HTTP) Communication | ElasticLoadBalancing | LoadBalancer |
| CSPM-AWS-2024-0044 | Absence of Elastic Load Balancer (ELB) Access Logs | ElasticLoadBalancing | LoadBalancer |
| CSPM-AWS-2024-0045 | An Old SSL/TLS Policy Detected | ElasticLoadBalancing | LoadBalancer |
| CSPM-AWS-2024-0046 | Drop Invalid Header Fields Disabled | ElasticLoadBalancingv2 | LoadBalancer |
| CSPM-AWS-2024-0047 | Elastic Load Balancer (ELBv2) Permits Clear Text (HTTP) Communication | ElasticLoadBalancingv2 | Listener |
| CSPM-AWS-2024-0048 | Lack of ELBv2 Access Logs | ElasticLoadBalancingv2 | LoadBalancer |
| CSPM-AWS-2024-0049 | ELBv2 Lacks Deletion Protection | ElasticLoadBalancingv2 | LoadBalancer |
| CSPM-AWS-2024-0050 | An Old SSL/TLS Policy Detected (ELBv2) | ElasticLoadBalancingv2 | Listener |
| CSPM-AWS-2024-0092 | Rotation disabled for KMS Symmetric Customer Master Keys (CMKs) | KMS | Keys |
| CSPM-AWS-2024-0093 | No CloudWatch Alarm Monitoring for “AWS Configuration Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0094 | No CloudWatch Alarm Monitoring for “CloudTrail Configuration Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0095 | No CloudWatch Alarm for “Disabled or Deleted Master Keys” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0096 | No CloudWatch Alarm for “Failed Console Authentications” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0097 | No CloudWatch Alarm for “IAM Policy Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0098 | No CloudWatch Alarm for “Network Access Control Lists Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0099 | No CloudWatch Alarm for “Network Gateways Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0100 | No CloudWatch Alarm for “Root Account Usage” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0101 | No CloudWatch Alarm for “Route Table Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0102 | No CloudWatch Alarm for “S3 Bucket Policy Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0103 | No CloudWatch Alarm for “Console Logins without MFA” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0104 | No CloudWatch Alarm for”Console Logins without MFA” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0105 | No CloudWatch Alarm for “Unauthorized API Calls” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0106 | No CloudWatch Alarm for “VPC Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0107 | RDS Instance Backup Disabled | RDS | DBInstances |
| CSPM-AWS-2024-0108 | A Deprecated Certificate Authority found in the RDS Instance | RDS | DBInstances |
| CSPM-AWS-2024-0109 | Auto Minor Version Upgrade Disabled in the RDS Instance | RDS | DBInstances |
| CSPM-AWS-2024-0110 | The RDS Instance is Publicly Accessible | RDS | DBInstances |
| CSPM-AWS-2024-0111 | The Backup Retention Time is Short in RDS Instances | RDS | DBInstances |
| CSPM-AWS-2024-0112 | Single AZ RDS Instance lack the automatic failover capability | RDS | DBInstances |
| CSPM-AWS-2024-0113 | RDS Instance Storage Not Encrypted | RDS | DBInstances |
| CSPM-AWS-2024-0114 | Invalid Legacy SSL Certificate (PostgreSQL) found for RDS DB Instance | RDS | DBInstances |
| CSPM-AWS-2024-0115 | RDS Instance Security Group allows All IP Addresses | RDS | DBSecurityGroup |
| CSPM-AWS-2024-0116 | Publicly Accessible RDS DB Snapshot | RDS | DBSnapshot |
| CSPM-AWS-2024-0117 | Redshift data in the cluster is not encrypted at rest | Redshift | Cluster |
| CSPM-AWS-2024-0118 | Redshift Cluster Version Upgrade is Disabled | Redshift | Cluster |
| CSPM-AWS-2024-0119 | Redshift Cluster is Publicly accessible | Redshift | Cluster |
| CSPM-AWS-2024-0120 | Disabled User Activity Logging for Redshift Cluster | Redshift | ParameterGroup |
| CSPM-AWS-2024-0121 | SSL is not required for Redshift Cluster Parameter Groups | Redshift | ParameterGroups |
| CSPM-AWS-2024-0122 | All Traffic is Allowed by the Redshift Cluster Security Group | Redshift | ClusterSecurityGroups |
| CSPM-AWS-2024-0127 | S3 Bucket has Disabled Default Encryption | S3 | Buckets |
| CSPM-AWS-2024-0128 | Logging of S3 bucket Access is Disabled | S3 | Buckets |
| CSPM-AWS-2024-0129 | S3 Bucket without Multi-Factor Authentication (MFA) Delete | S3 | Buckets |
| CSPM-AWS-2024-0130 | S3 Bucket has No Versioning | S3 | Buckets |
| CSPM-AWS-2024-0138 | SQS Queue Server with Disabled Encryption | SQS | Queue |
| CSPM-AWS-2024-0142 | Unused Network ACLs detected | EC2 | NetworkAcl |
| CSPM-AWS-2024-0143 | VPC Routing Table fails to Maintain High Selectivity in Peering | EC2 | RouteTable |
| CSPM-AWS-2024-0146 | VPC Subnet Lacks a Flow Log | EC2 | FlowLog |
| CSPM-AWS-2024-0147 | S3 bucket access logging is not enabled on the CloudTrail S3 bucket | CloudTrail | Trails |
| CSPM-AWS-2024-0148 | CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events | CloudTrail | Trails |
| CSPM-AWS-2024-0149 | Encryption should be enabled at-rest in CloudTrail. | CloudTrail | Trails |
| CSPM-AWS-2024-0151 | Enable Amazon EBS encryption by default for your account in the current region. | EC2 | Volumes |
| CSPM-AWS-2024-0152 | Ensure that only IMDSv2 is permitted by EC2 Metadata Service. | EC2 | Instances |
| CSPM-AWS-2024-0154 | EFS file systems do not have encryption enabled. | EFS | FileSystems |
| CSPM-AWS-2024-0155 | Ensure that IAM Access analyzer is enabled for all regions | AccessAnalyzer | Analyzer |
| CSPM-AWS-2024-0160 | IAM instance roles are used for AWS resource access from instances | EC2 | Instances |
| CSPM-AWS-2024-0162 | Ensure AWS Organizations changes are monitored using CloudWatchLogs | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0164 | At the bucket level, the S3 Block Public Access setting needs to be enabled. | S3 | Buckets |
| CSPM-AWS-2024-0165 | Enabling the S3 Block Public Access setting is necessary. | S3 | Buckets |
| CSPM-AWS-2024-0166 | Ensure AWS Security Hub is enabled | SecurityHub | Hub |
| CSPM-AWS-2024-0167 | In every VPC, VPC flow logging is must to be enabled. | EC2 | FlowLog |
| CSPM-AWS-2024-0173 | API Gateway REST and WebSocket API execution logging should be enabled | APIGateway | Stages |
| CSPM-AWS-2024-0174 | API Gateway REST API stages should be configured to use SSL certificates for backend authentication | APIGateway | Stages |
| CSPM-AWS-2024-0175 | API Gateway REST API stages should have AWS X-Ray tracing enabled | APIGateway | Stages |
| CSPM-AWS-2024-0176 | API Gateway should be associated with a WAF Web ACL | APIGateway | Stages |
| CSPM-AWS-2024-0177 | API Gateway REST API cache data should be encrypted at rest | APIGateway | Stages |
| CSPM-AWS-2024-0178 | API Gateway routes should specify an authorization type | APIGateway | Stages |
| CSPM-AWS-2024-0179 | Access logging should be configured for API Gateway V2 Stages | APIGateway | Stages |
| CSPM-AWS-2024-0180 | AWS AppSync GraphQL APIs should not be authenticated with API keys | AppSync | AppSync Graphql APIs |
| CSPM-AWS-2024-0182 | Amazon EC2 Auto Scaling group should cover multiple Availability Zones | AutoScaling | AutoScalingGroups |
| CSPM-AWS-2024-0183 | Auto Scaling group launch configurations should configure EC2 instances to require Instance Metadata Service Version 2 (IMDSv2) | AutoScaling | LaunchConfigurations |
| CSPM-AWS-2024-0184 | Amazon EC2 instances launched using Auto Scaling group launch configurations should not have Public IP addresses | AutoScaling | LaunchConfigurations |
| CSPM-AWS-2024-0185 | Auto Scaling groups should use multiple instance types in multiple Availability Zones | AutoScaling | AutoScalingGroups |
| CSPM-AWS-2024-0186 | EC2 Auto Scaling groups should use EC2 launch templates | AutoScaling | AutoScalingGroups |
| CSPM-AWS-2024-0187 | AWS Backup recovery points should be encrypted at rest | Backup | BackupRecoveryPoints |
| CSPM-AWS-2024-0197 | CloudWatch log groups should be retained for a specified time period | CloudWatch | CloudWatchLogGroups |
| CSPM-AWS-2024-0200 | CodeBuild S3 logs should be encrypted | CodeBuild | CodeBuildS3Logs |
| CSPM-AWS-2024-0201 | CodeBuild project environments should have a logging configuration | CodeBuild | CodeBuildProject |
| CSPM-AWS-2024-0202 | AWS Config should be enabled | Config | ConfigurationRecorder |
| CSPM-AWS-2024-0203 | Firehose delivery streams should be encrypted at rest | DataFirehose | DeliveryStream |
| CSPM-AWS-2024-0204 | Database Migration Service replication instances should not be public | DMS | ReplicationInstances |
| CSPM-AWS-2024-0205 | DMS endpoints for Neptune databases should have IAM authorization enabled | DMS | DMSEndpoints |
| CSPM-AWS-2024-0206 | DMS endpoints for MongoDB should have an authentication mechanism enabled | DMS | DMSEndpoints |
| CSPM-AWS-2024-0207 | DMS endpoints for Redis should have TLS enabled | DMS | DMSEndpoints |
| CSPM-AWS-2024-0208 | DMS replication instances should have automatic minor version upgrade enabled | DMS | ReplicationInstances |
| CSPM-AWS-2024-0209 | DMS replication tasks for the target database should have logging enabled | DMS | ReplicationTasks |
| CSPM-AWS-2024-0210 | DMS replication tasks for the source database should have logging enabled | DMS | ReplicationTasks |
| CSPM-AWS-2024-0211 | DMS endpoints should use SSL | DMS | DMSEndpoints |
| CSPM-AWS-2024-0212 | Amazon DocumentDB clusters should be encrypted at rest | DocumentDB | DocumentDBCluster |
| CSPM-AWS-2024-0213 | Amazon DocumentDB clusters should have an adequate backup retention period | DocumentDB | DocumentDBCluster |
| CSPM-AWS-2024-0214 | Amazon DocumentDB manual cluster snapshots should not be public | DocumentDB | DocumentDBManualCluster |
| CSPM-AWS-2024-0215 | Amazon DocumentDB clusters should publish audit logs to CloudWatch Logs | DocumentDB | DocumentDBCluster |
| CSPM-AWS-2024-0216 | Amazon DocumentDB clusters should have deletion protection enabled | DocumentDB | DocumentDBCluster |
| CSPM-AWS-2024-0217 | DynamoDB tables should automatically scale capacity with demand | DynamoDB | DynamoDBTable |
| CSPM-AWS-2024-0218 | DynamoDB tables should have point-in-time recovery enabled | DynamoDB | DynamoDBTable |
| CSPM-AWS-2024-0219 | DynamoDB Accelerator (DAX) clusters should be encrypted at rest | DynamoDB | DAXCluster |
| CSPM-AWS-2024-0220 | DynamoDB tables should be present in a backup plan | DynamoDB | DynamoDBTable |
| CSPM-AWS-2024-0221 | DynamoDB tables should have deletion protection enabled | DynamoDB | DynamoDBTable |
| CSPM-AWS-2024-0222 | DynamoDB Accelerator clusters should be encrypted in transit | DynamoDB | DAXCluster |
| CSPM-AWS-2024-0224 | Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service | EC2 | Instances |
| CSPM-AWS-2024-0225 | Unused EC2 EIPs should be removed | EC2 | Addresses |
| CSPM-AWS-2024-0226 | EC2 subnets should not automatically assign public IP addresses | EC2 | Subnet |
| CSPM-AWS-2024-0227 | Unused Network Access Control Lists should be removed | EC2 | NetworkAcls |
| CSPM-AWS-2024-0228 | EC2 instances should not use multiple ENIs | EC2 | Instances |
| CSPM-AWS-2024-0229 | Security groups should only allow unrestricted incoming traffic for authorized ports | EC2 | SecurityGroups |
| CSPM-AWS-2024-0230 | Both VPN tunnels for an AWS Site-to-Site VPN connection should be up | EC2 | VPCConnections |
| CSPM-AWS-2024-0231 | EC2 Transit Gateways should not automatically accept VPC attachment requests | EC2 | TransitGateway |
| CSPM-AWS-2024-0232 | EC2 paravirtual instance types should not be used | EC2 | Instances |
| CSPM-AWS-2024-0233 | EC2 launch templates should not assign public IPs to network interfaces | EC2 | LaunchTemplate |
| CSPM-AWS-2024-0234 | EBS volumes should be in a backup plan | Backup | BackupSelection |
| CSPM-AWS-2024-0236 | Stopped EC2 instances should be removed after a specified time period | EC2 | Instances |
| CSPM-AWS-2024-0237 | EC2 Client VPN endpoints should have client connection logging enabled | EC2 | ClientVPNEndpoint |
| CSPM-AWS-2024-0238 | ECR private repositories should have image scanning configured | ECR | Repository |
| CSPM-AWS-2024-0239 | ECR private repositories should have tag immutability configured | ECR | Repository |
| CSPM-AWS-2024-0240 | ECR repositories should have at least one lifecycle policy configured | ECR | Repository |
| CSPM-AWS-2024-0241 | Amazon ECS task definitions should have secure networking modes and user definitions | ECS | TaskDefinition |
| CSPM-AWS-2024-0242 | ECS Fargate services should run on the latest Fargate platform version | ECS | Service |
| CSPM-AWS-2024-0243 | ECS clusters should use Container Insights | ECS | Cluster |
| CSPM-AWS-2024-0244 | ECS services should not have public IP addresses assigned to them automatically | ECS | Service |
| CSPM-AWS-2024-0245 | ECS task definitions should not share the host’s process namespace | ECS | TaskDefinition |
| CSPM-AWS-2024-0246 | ECS containers should run as non-privileged | ECS | TaskDefinition |
| CSPM-AWS-2024-0247 | ECS containers should be limited to read-only access to root filesystems | ECS | TaskDefinition |
| CSPM-AWS-2024-0248 | Secrets should not be passed as container environment variables | ECS | TaskDefinition |
| CSPM-AWS-2024-0249 | ECS task definitions should have a logging configuration | ECS | TaskDefinition |
| CSPM-AWS-2024-0250 | Elastic File System should be configured to encrypt file data at-rest using AWS KMS | EFS | FileSystems |
| CSPM-AWS-2024-0251 | Amazon EFS volumes should be in backup plans | Backup | BackupSelection |
| CSPM-AWS-2024-0252 | EFS access points should enforce a root directory | EFS | AccessPoint |
| CSPM-AWS-2024-0253 | EFS access points should enforce a user identity | EFS | AccessPoint |
| CSPM-AWS-2024-0254 | EKS clusters should run on a supported Kubernetes version | EKS | Cluster |
| CSPM-AWS-2024-0255 | ElastiCache Redis clusters should have automatic backup enabled | ElastiCache | CacheClusters |
| CSPM-AWS-2024-0256 | ElastiCache for Redis cache clusters should have auto minor version upgrades enabled | ElastiCache | CacheClusters |
| CSPM-AWS-2024-0257 | ElastiCache replication groups should have automatic failover enabled | ElastiCache | ReplicationGroups |
| CSPM-AWS-2024-0258 | ElastiCache replication groups should have encryption-at-rest enabled | ElastiCache | ReplicationGroups |
| CSPM-AWS-2024-0259 | ElastiCache replication groups should have encryption-in-transit enabled | ElastiCache | ReplicationGroups |
| CSPM-AWS-2024-0260 | ElastiCache for Redis replication groups before version 6.0 should use Redis AUTH | ElastiCache | ReplicationGroups |
| CSPM-AWS-2024-0261 | ElastiCache clusters should not use the default subnet group | ElastiCache | CacheClusters |
| CSPM-AWS-2024-0262 | Elastic Beanstalk environments should have enhanced health reporting enabled | ElasticBeanstalk | Environment |
| CSPM-AWS-2024-0263 | Elastic Beanstalk managed platform updates should be enabled | ElasticBeanstalk | Environment |
| CSPM-AWS-2024-0264 | Application Load Balancer should be configured to redirect all HTTP requests to HTTPS | ELBv2 | ApplicationLoadBalancer |
| CSPM-AWS-2024-0265 | Classic Load Balancer should span multiple Availability Zones | ELB | LoadBalancers |
| CSPM-AWS-2024-0266 | Application Load Balancer should be configured with defensive or strictest desync mitigation mode | ELBv2 | LoadBalancer |
| CSPM-AWS-2024-0267 | Application, Network and Gateway Load Balancers should span multiple Availability Zones | ELBv2 | LoadBalancer |
| CSPM-AWS-2024-0268 | Classic Load Balancer should be configured with defensive or strictest desync mitigation mode | ELB | LoadBalancer |
| CSPM-AWS-2024-0270 | Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Manager | ELB | LoadBalancer |
| CSPM-AWS-2024-0271 | Classic Load Balancers should have connection draining enabled | ELB | LoadBalancer |
| CSPM-AWS-2024-0273 | Classic Load Balancers should have cross-zone load balancing enabled | ELB | LoadBalancer |
| CSPM-AWS-2024-0274 | Amazon EMR cluster primary nodes should not have public IP addresses | EMR | EMRCluster |
| CSPM-AWS-2024-0275 | Amazon EMR block public access setting should be enabled | EMR | EMRCluster |
| CSPM-AWS-2024-0276 | Elasticsearch domains should have encryption at-rest enabled | ES | ElasticSearchDomain |
| CSPM-AWS-2024-0277 | Elasticsearch domains should not be publicly accessible | ES | ElasticSearchDomain |
| CSPM-AWS-2024-0278 | Elasticsearch domains should encrypt data sent between nodes | ES | ElasticSearchDomain |
| CSPM-AWS-2024-0279 | Elasticsearch domain error logging to CloudWatch Logs should be enabled | ES | ElasticSearchDomain |
| CSPM-AWS-2024-0280 | Elasticsearch domains should have audit logging enabled | ES | ElasticSearchDomain |
| CSPM-AWS-2024-0281 | Elasticsearch domains should have at least three data nodes | ES | ElasticSearchDomain |
| CSPM-AWS-2024-0282 | Elasticsearch domains should be configured with at least three dedicated master nodes | ES | ElasticSearchDomain |
| CSPM-AWS-2024-0283 | Connections to Elasticsearch domains should be encrypted using the latest TLS security policy | ES | ElasticSearchDomain |
| CSPM-AWS-2024-0284 | EventBridge custom event buses should have a resource-based policy attached | EventBridge | EventBus |
| CSPM-AWS-2024-0285 | EventBridge global endpoints should have event replication enabled | EventBridge | Endpoint |
| CSPM-AWS-2024-0286 | FSx for OpenZFS file systems should be configured to copy tags to backups and volumes | FSx | FileSystem |
| CSPM-AWS-2024-0287 | FSx for Lustre file systems should be configured to copy tags to backups | FSx | FileSystem |
| CSPM-AWS-2024-0288 | GuardDuty should be enabled | GuardDuty | Account |
| CSPM-AWS-2024-0290 | Kinesis streams should be encrypted at rest | Kinesis | Stream |
| CSPM-AWS-2024-0293 | AWS KMS keys should not be deleted unintentionally | KMS | Key |
| CSPM-AWS-2024-0294 | Lambda function policies should prohibit public access | Lambda | LambdaFunction |
| CSPM-AWS-2024-0295 | Lambda functions should use supported runtimes | Lambda | LambdaFunction |
| CSPM-AWS-2024-0296 | Lambda functions should be in a VPC | Lambda | LambdaFunction |
| CSPM-AWS-2024-0298 | Macie should be enabled | Macie | Session |
| CSPM-AWS-2024-0299 | Macie automated sensitive data discovery should be enabled | Macie | Account |
| CSPM-AWS-2024-0300 | ActiveMQ brokers should stream audit logs to CloudWatch | MQ | Broker |
| CSPM-AWS-2024-0301 | Amazon MQ brokers should have automatic minor version upgrade enabled | MQ | Broker |
| CSPM-AWS-2024-0302 | ActiveMQ brokers should use active/standby deployment mode | MQ | Broker |
| CSPM-AWS-2024-0303 | RabbitMQ brokers should use cluster deployment mode | MQ | Broker |
| CSPM-AWS-2024-0304 | MSK clusters should be encrypted in transit among broker nodes | MSK | Cluster |
| CSPM-AWS-2024-0305 | MSK clusters should have enhanced monitoring configured | MSK | Cluster |
| CSPM-AWS-2024-0306 | Neptune DB clusters should be encrypted at rest | Neptune | DBCluster |
| CSPM-AWS-2024-0307 | Neptune DB clusters should publish audit logs to CloudWatch Logs | Neptune | DBCluster |
| CSPM-AWS-2024-0308 | Neptune DB cluster snapshots should not be public | Neptune | DBClusterSnapshot |
| CSPM-AWS-2024-0309 | Neptune DB clusters should have deletion protection enabled | Neptune | DBCluster |
| CSPM-AWS-2024-0310 | Neptune DB clusters should have automated backups enabled | Neptune | DBCluster |
| CSPM-AWS-2024-0311 | Neptune DB cluster snapshots should be encrypted at rest | Neptune | DBClusterSnapshot |
| CSPM-AWS-2024-0312 | Neptune DB clusters should have IAM database authentication enabled | Neptune | DBCluster |
| CSPM-AWS-2024-0313 | Neptune DB clusters should be configured to copy tags to snapshots | Neptune | DBCluster |
| CSPM-AWS-2024-0314 | Neptune DB clusters should be deployed across multiple Availability Zones | Neptune | DBCluster |
| CSPM-AWS-2024-0315 | Network Firewall firewalls should be deployed across multiple Availability Zones | NetworkFirewall | Firewall |
| CSPM-AWS-2024-0316 | Network Firewall logging should be enabled | NetworkFirewall | LoggingConfiguration |
| CSPM-AWS-2024-0317 | Network Firewall policies should have at least one rule group associated | NetworkFirewall | FirewallPolicy |
| CSPM-AWS-2024-0318 | The default stateless action for Network Firewall policies should be drop or forward for full packets | NetworkFirewall | FirewallPolicy |
| CSPM-AWS-2024-0319 | The default stateless action for Network Firewall policies should be drop or forward for fragmented packets | NetworkFirewall | FirewallPolicy |
| CSPM-AWS-2024-0320 | Stateless network firewall rule group should not be empty | NetworkFirewall | RuleGroup |
| CSPM-AWS-2024-0321 | Network Firewall firewalls should have deletion protection enabled | NetworkFirewall | Firewall |
| CSPM-AWS-2024-0322 | OpenSearch domains should have encryption at rest enabled | Opensearch | Domain |
| CSPM-AWS-2024-0323 | OpenSearch domains should have the latest software update installed | Opensearch | Domain |
| CSPM-AWS-2024-0324 | OpenSearch domains should have at least three dedicated primary nodes | Opensearch | Domain |
| CSPM-AWS-2024-0325 | OpenSearch domains should not be publicly accessible | Opensearch | Domain |
| CSPM-AWS-2024-0326 | OpenSearch domains should encrypt data sent between nodes | Opensearch | Domain |
| CSPM-AWS-2024-0328 | OpenSearch domains should have audit logging enabled | Opensearch | Domain |
| CSPM-AWS-2024-0329 | OpenSearch domains should have at least three data nodes | Opensearch | Domain |
| CSPM-AWS-2024-0330 | OpenSearch domains should have fine-grained access control enabled | Opensearch | Domain |
| CSPM-AWS-2024-0331 | Connections to OpenSearch domains should be encrypted using the latest TLS security policy | Opensearch | Domain |
| CSPM-AWS-2024-0332 | AWS Private CA root certificate authority should be disabled | PCA | CertificateAuthority |
| CSPM-AWS-2024-0333 | IAM authentication should be configured for RDS instances | RDS | DBInstances |
| CSPM-AWS-2024-0334 | IAM authentication should be configured for RDS clusters | RDS | DBCluster |
| CSPM-AWS-2024-0335 | Amazon Aurora clusters should have backtracking enabled | RDS | DBCluster |
| CSPM-AWS-2024-0336 | RDS DB clusters should be configured for multiple Availability Zones | RDS | DBCluster |
| CSPM-AWS-2024-0337 | RDS DB clusters should be configured to copy tags to snapshots | RDS | DBCluster |
| CSPM-AWS-2024-0338 | RDS DB instances should be configured to copy tags to snapshots | RDS | DBInstances |
| CSPM-AWS-2024-0339 | RDS instances should be deployed in a VPC | RDS | DBInstances |
| CSPM-AWS-2024-0340 | Existing RDS event notification subscriptions should be configured for critical cluster events | RDS | EventSubscription |
| CSPM-AWS-2024-0341 | Existing RDS event notification subscriptions should be configured for critical database instance events | RDS | EventSubscription |
| CSPM-AWS-2024-0342 | An RDS event notifications subscription should be configured for critical database parameter group events | RDS | EventSubscription |
| CSPM-AWS-2024-0343 | An RDS event notifications subscription should be configured for critical database security group events | RDS | EventSubscription |
| CSPM-AWS-2024-0344 | RDS instances should not use a database engine default port | RDS | DBInstances |
| CSPM-AWS-2024-0345 | RDS Database Clusters should use a custom administrator username | RDS | DBCluster |
| CSPM-AWS-2024-0346 | RDS database instances should use a custom administrator username | RDS | DBInstances |
| CSPM-AWS-2024-0347 | RDS DB instances should be protected by a backup plan | RDS | DBInstances |
| CSPM-AWS-2024-0348 | RDS DB clusters should be encrypted at rest | RDS | DBCluster |
| CSPM-AWS-2024-0349 | RDS DB instances should have encryption at-rest enabled | RDS | DBInstances |
| CSPM-AWS-2024-0350 | Aurora MySQL DB clusters should publish audit logs to CloudWatch Logs | RDS | DBClusters |
| CSPM-AWS-2024-0351 | RDS DB clusters should have automatic minor version upgrade enabled | RDS | DBCluster |
| CSPM-AWS-2024-0352 | RDS cluster snapshots and database snapshots should be encrypted at rest | RDS | DBSnapshots |
| CSPM-AWS-2024-0353 | Enhanced monitoring should be configured for RDS DB instances | RDS | DBInstances |
| CSPM-AWS-2024-0354 | RDS clusters should have deletion protection enabled | RDS | DBInstances |
| CSPM-AWS-2024-0355 | RDS DB instances should have deletion protection enabled | RDS | DBInstances |
| CSPM-AWS-2024-0356 | RDS DB instances should publish logs to CloudWatch Logs | RDS | DBInstances |
| CSPM-AWS-2024-0357 | Connections to Amazon Redshift clusters should be encrypted in transit | Redshift | Cluster, ClusterParameterGroup |
| CSPM-AWS-2024-0358 | Amazon Redshift clusters should have automatic snapshots enabled | Redshift | Cluster |
| CSPM-AWS-2024-0359 | Redshift clusters should use enhanced VPC routing | Redshift | Cluster |
| CSPM-AWS-2024-0360 | Amazon Redshift clusters should not use the default Admin username | Redshift | Cluster |
| CSPM-AWS-2024-0361 | Redshift clusters should not use the default database name | Redshift | Cluster |
| CSPM-AWS-2024-0363 | S3 general purpose buckets with versioning enabled should have Lifecycle configurations | S3 | Buckets |
| CSPM-AWS-2024-0364 | S3 general purpose buckets should have event notifications enabled | S3 | Buckets |
| CSPM-AWS-2024-0365 | ACLs should not be used to manage user access to S3 general purpose buckets | S3 | Buckets |
| CSPM-AWS-2024-0366 | S3 general purpose buckets should have Lifecycle configurations | S3 | Buckets |
| CSPM-AWS-2024-0367 | S3 general purpose buckets should have Object Lock enabled | S3 | Buckets |
| CSPM-AWS-2024-0368 | S3 general purpose buckets should be encrypted at rest with AWS KMS keys | S3 | Buckets |
| CSPM-AWS-2024-0369 | S3 access points should have block public access settings enabled | S3 | AccessPoint |
| CSPM-AWS-2024-0370 | S3 general purpose bucket policies should restrict access to other AWS accounts | S3 | Buckets |
| CSPM-AWS-2024-0371 | S3 general purpose buckets should use cross-Region replication | S3 | Buckets |
| CSPM-AWS-2024-0372 | Amazon SageMaker notebook instances should not have direct internet access | SageMaker | NotebookInstances |
| CSPM-AWS-2024-0373 | SageMaker notebook instances should be launched in a custom VPC | SageMaker | NotebookInstances |
| CSPM-AWS-2024-0374 | Users should not have root access to SageMaker notebook instances | SageMaker | NotebookInstances |
| CSPM-AWS-2024-0375 | SageMaker endpoint production variants should have an initial instance count greater than 1 | SageMaker | Endpoint |
| CSPM-AWS-2024-0376 | Secrets Manager secrets should have automatic rotation enabled | SecretsManager | Secret |
| CSPM-AWS-2024-0377 | Secrets Manager secrets configured with automatic rotation should rotate successfully | SecretsManager | Secret |
| CSPM-AWS-2024-0379 | Secrets Manager secrets should be rotated within a specified number of days | SecretsManager | Secret |
| CSPM-AWS-2024-0380 | Service Catalog portfolios should be shared within an AWS organization only | ServiceCatalog | Portfolio |
| CSPM-AWS-2024-0381 | SNS topics should be encrypted at-rest using AWS KMS | SNS | Topic |
| CSPM-AWS-2024-0382 | EC2 instances should be managed by AWS Systems Manager | SSM | Instances |
| CSPM-AWS-2024-0383 | EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installation | SSM | PatchCompliance |
| CSPM-AWS-2024-0384 | EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT | SSM | AssociationCompliance |
| CSPM-AWS-2024-0385 | SSM documents should not be public | SSM | Document |
| CSPM-AWS-2024-0386 | Transfer Family servers should not use FTP protocol for endpoint connection | Transfer | Server |
| CSPM-AWS-2024-0397 | At least one CloudTrail trail should be enabled | CloudTrail | Trails |
| CSPM-AWS-2024-0398 | A log metric filter and alarm should exist for usage of the “root” user | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0403 | ECR Repository Should Not Be Public | ECR | Repository |
| CSPM-AWS-2024-0404 | Lambda With Secrets As Environment Variables | Lambda | Functions |
| CSPM-AWS-2024-0407 | Detect Public ‘READ_ACP’ Access on S3 Buckets | S3 | Buckets |
| CSPM-AWS-2024-0408 | Detect Public ‘WRITE’ ACL Access on S3 Buckets | S3 | Buckets |
| CSPM-AWS-2024-0409 | Detect Public ‘WRITE_ACP’ ACL Access on S3 Buckets | S3 | Buckets |
| CSPM-AWS-2024-0410 | Detect ‘READ’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
| CSPM-AWS-2024-0411 | Detect ‘READ_ACP’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
| CSPM-AWS-2024-0412 | Detect ‘WRITE’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
| CSPM-AWS-2024-0413 | Detect ‘WRITE_ACP’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
| CSPM-AWS-2024-0414 | Detect ‘FULL_CONTROL’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
| CSPM-AWS-2024-0416 | Ensure Encryption for AWS AMIs is Enabled | EC2 | Images |
| CSPM-AWS-2024-0417 | Ensure EC2 Instances Are Not in Public Subnets | EC2 | Instances |
| CSPM-AWS-2024-0418 | Ensure Proper EC2 Security Group Configuration for ELB | ElasticLoadBalancing | LoadBalancers |
| CSPM-AWS-2024-0419 | Review Internet-Facing Classic Load Balancers (CLBs) for Security | ElasticLoadBalancing | LoadBalancers |
| CSPM-AWS-2024-0420 | Analyze Amazon Macie Finding Statistics for S3 Buckets | S3 | Buckets |
| CSPM-AWS-2024-0427 | Detect IAM CreateLoginProfile Activity | CloudTrail | Events |
| CSPM-AWS-2024-0431 | Ensure Secure KMS Cross-Account Access | KMS | Key |
| CSPM-AWS-2024-0432 | Ensure Secure SQS Cross-Account Access | SQS | Queue |
| CSPM-AWS-2024-0433 | Ensure Redshift Clusters Are Encrypted with KMS Customer Managed Keys | Redshift | Cluster |
| CSPM-AWS-2024-0434 | Set Up AWS Billing Alarm to Monitor Costs | CloudWatch | Alarm |
| CSPM-AWS-2024-0435 | Ensure Metric Filter for Rejected Traffic in VPC Flow Logs | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0439 | Restrict Cross-Account Access to Amazon OpenSearch Domains | ElasticsearchService | ElasticSearchDomain |
| CSPM-AWS-2024-0440 | Enable Amazon OpenSearch Domain Encryption with KMS Customer-Managed Keys (CMKs) | ElasticsearchService | ElasticSearchDomain |
| CSPM-AWS-2024-0441 | Enable Storage Encryption for Amazon WorkSpaces | WorkSpaces | Workspace |
| CSPM-AWS-2024-0442 | Enable In-Transit and At-Rest Encryption for Amazon EMR Clusters | EMR | EMRCluster |
| CSPM-AWS-2024-0445 | Enable Encryption at Rest for Lambda Environment Variables using Customer Master Keys | Lambda | Function |
| CSPM-AWS-2024-0446 | Enable IAM Authentication for Lambda Function URLs | Lambda | FunctionUrlConfigs |
| CSPM-AWS-2024-0447 | Kinesis Stream Not Encrypted With CMK | Kinesis | Stream |
| CSPM-AWS-2024-0448 | Amazon Macie Not Enabled | Macie | Session |
| CSPM-AWS-2024-0449 | Improper Security Group Configuration for ELBv2 ALB | ELBv2 | LoadBalancers |
| CSPM-AWS-2024-0450 | Unreviewed Internet-Facing ELBv2 Load Balancers | ELBv2 | LoadBalancers |
| CSPM-AWS-2024-0451 | Excessive SSM Session Length Detected | SSM | Session |
| CSPM-AWS-2024-0452 | SageMaker Notebook Data Not Encrypted with Customer Managed Keys | SageMaker | NotebookInstances |
| CSPM-AWS-2024-0453 | Neptune Database Not Encrypted with Customer Managed Keys | Neptune | DBInstances |
| CSPM-AWS-2024-0454 | Glue Data Catalog Not Encrypted with Customer Managed Keys | Glue | DataCatalog |
| CSPM-AWS-2024-0455 | X-Ray Data Not Encrypted with Customer Managed Keys | XRay | EncryptionConfig |
| CSPM-AWS-2024-0456 | Secrets Not Encrypted with Customer Managed Keys | SecretsManager | Secret |
| CSPM-AWS-2024-0457 | DocumentDB Clusters Not Encrypted with KMS Customer Managed Keys | DocumentDB | DBCluster |
| CSPM-AWS-2024-0458 | DMS Replication Instances Not Encrypted with KMS Customer Managed Keys | DMS | ReplicationInstances |
| CSPM-AWS-2024-0460 | Storage Gateway File Shares Not Encrypted with KMS Customer Managed Keys | Storagegateway | FileShare |
| CSPM-AWS-2024-0461 | AWS Comprehend Analysis Job Results Not Encrypted with KMS | Comprehend | EntitiesDetectionJob |
| CSPM-AWS-2024-0462 | Unresolved IAM Access Analyzer Findings Detected | AccessAnalyzer | Findings |
| CSPM-AWS-2024-0463 | AppFlow Data Not Encrypted with KMS Customer Managed Keys | AppFlow | Flow |
| CSPM-AWS-2024-0464 | Agent Sessions Not Encrypted with Customer-Managed Keys in Amazon Bedrock | Bedrock | Agent |
| CSPM-AWS-2024-0465 | Agent Sessions Not Protected by Guardrails in Amazon Bedrock | Bedrock | Agent |
| CSPM-AWS-2024-0466 | Amazon Bedrock Guardrails Not Encrypted with Customer-Managed Keys | Bedrock | Guardrails |
| CSPM-AWS-2024-0467 | Amazon Bedrock Custom Models Not Encrypted with Customer-Managed Keys | Bedrock | CustomModel |
| CSPM-AWS-2024-0468 | Amazon Bedrock Guardrails Missing Sensitive Information Filters | Bedrock | Guardrails |
| CSPM-AWS-2024-0471 | EC2 Instance Launched Outside of a VPC Detected | EC2 | Instances |
| CSPM-AWS-2024-0472 | EC2 Instance Using Incorrect Tenancy Model | EC2 | Instances |
| CSPM-AWS-2024-0473 | EC2 Instance Not in an Auto Scaling Group | EC2 | Instances |
| CSPM-AWS-2024-0475 | Security Group Allowing Excessive RFC 1918 Private IP Ranges | EC2 | SecurityGroups |
| CSPM-AWS-2024-0476 | Unrestricted Security Group Egress Detected | EC2 | SecurityGroups |
| CSPM-AWS-2024-0477 | Unrestricted Telnet Access Detected | EC2 | SecurityGroups |
| CSPM-AWS-2024-0478 | Unrestricted RPC Access Detected | EC2 | SecurityGroups |
| CSPM-AWS-2024-0479 | Unrestricted NetBIOS Access Detected | EC2 | SecurityGroups |
| CSPM-AWS-2024-0480 | Unrestricted FTP Access Detected | EC2 | SecurityGroups |
| CSPM-AWS-2024-0481 | Unrestricted CIFS Access Detected | EC2 | SecurityGroup |
| CSPM-AWS-2024-0483 | Unrestricted HTTP Access Detected | EC2 | SecurityGroups |
| CSPM-AWS-2024-0484 | Unrestricted HTTPS Access Detected | EC2 | SecurityGroups |
| CSPM-AWS-2024-0485 | App-Tier EC2 Instance Using IAM Roles | EC2 | Instances |
| CSPM-AWS-2024-0486 | EC2 Instances Scanned by Amazon Inspector Classic | Inspector | AssessmentTarget |
| CSPM-AWS-2024-0487 | Unused EBS Volumes | EC2 | Volumes |
| CSPM-AWS-2024-0488 | VPC Endpoint Cross Account Access | EC2 | VPCEndpoint |
| CSPM-AWS-2024-0490 | S3 Buckets with Website Hosting Configuration Enabled | S3 | Buckets |
| CSPM-AWS-2024-0491 | CloudTrail Integrated With CloudWatch | CloudTrail | Trails |
| CSPM-AWS-2024-0492 | CloudTrail Delivery Failing | CloudTrail | Trails |
| CSPM-AWS-2024-0509 | Ensure KMS Customer Master Key (CMK) is Utilized for EBS Volume | EC2 | Volumes |
| CSPM-AWS-2024-0511 | SQS Queues Encrypted with KMS CMKs | SQS | Queue |
| CSPM-AWS-2024-0512 | CloudFormation Stack Notification Integration | CloudFormation | Stack |
| CSPM-AWS-2024-0513 | Ensure CloudFormation Stack Policies Prevent Accidental Updates | CloudFormation | Stack |
| CSPM-AWS-2024-0514 | Enable Termination Protection for CloudFormation Stacks | CloudFormation | Stack |
| CSPM-AWS-2024-0515 | AWS Config Global Resources Inclusion | ConfigService | ConfigurationRecorder |
| CSPM-AWS-2024-0516 | AWS Config Log Delivery Failure | ConfigService | ConfigurationRecordersStatus |
| CSPM-AWS-2024-0519 | Ensure Redshift Clusters Are Launched in VPC | Redshift | Clusters |
| CSPM-AWS-2024-0522 | Ensure CloudWatch Events Are Enabled | Events | EventBridgeRules |
| CSPM-AWS-2024-0524 | EC2 Instance Provisioning Alert – Large Instances Detected | CloudWatch | Alarms |
| CSPM-AWS-2024-0525 | EC2 Instance Configuration and Status Change Detected | CloudWatch | Alarms |
| CSPM-AWS-2024-0526 | AWS Organizations Configuration Changes Detected – Monitor for Unauthorized Modifications | CloudWatch | Alarms |
| CSPM-AWS-2024-0527 | Ensure ElastiCache Clusters are Deployed in VPC | ElastiCache | Cluster |
| CSPM-AWS-2024-0529 | ElastiCache Node Type Compliance | ElastiCache | Cluster |
| CSPM-AWS-2024-0530 | Ensure ElastiCache Engine Version Compliance | ElastiCache | Cluster |
| CSPM-AWS-2024-0531 | OpenSearch Cluster Nodes Limit | ElasticsearchService | ElasticSearchDomain |
| CSPM-AWS-2024-0532 | Ensure OpenSearch Cluster Instances are of Specified Instance Types | ElasticsearchService | ElasticSearchDomain |
| CSPM-AWS-2024-0534 | Enforce Specific Amazon WorkSpaces Bundle Types | WorkSpaces | Bundle |
| CSPM-AWS-2024-0535 | Ensure ACM Certificate Requests Are Validated | ACM | Certificate |
| CSPM-AWS-2024-0537 | Amazon Inspector Findings Detected – Address Security Vulnerabilities | Inspector | Findings |
| CSPM-AWS-2024-0538 | Ensure No Amazon Inspector Exclusions | Inspector | Findings |
| CSPM-AWS-2024-0539 | Ensure Amazon Inspector 2 is Enabled | Inspector2 | Inspector2 |
| CSPM-AWS-2024-0540 | Comprehensive Trusted Advisor Checks | TrustedAdvisor | TrustedAdvisorCheck |
| CSPM-AWS-2024-0542 | Amazon EMR Cluster Instance Limit | EMR | Cluster |
| CSPM-AWS-2024-0543 | EMR Cluster Desired Instance Types | EMR | Cluster |
| CSPM-AWS-2024-0544 | Ensure Amazon EMR Clusters Are In VPC | EMR | Cluster |
| CSPM-AWS-2024-0546 | Detect Lambda Functions with Admin Privileges | Lambda | Policy |
| CSPM-AWS-2024-0547 | Ensure Lambda Functions Do Not Use Function URLs | Lambda | Function |
| CSPM-AWS-2024-0549 | Amazon Macie Sensitive Data Repository Configuration | Macie2 | Configuration |
| CSPM-AWS-2024-0550 | Amazon Macie Data Discovery Job Configuration | Macie2 | Configuration |
| CSPM-AWS-2024-0551 | Ensure Private API Gateway Endpoints | APIGateway | Endpoint |
| CSPM-AWS-2024-0552 | API Gateway Client Certificate Misconfiguration – Verify SSL Certificate Usage | APIGateway | Endpoint |
| CSPM-AWS-2024-0554 | Detect and Resolve GuardDuty Findings | GuardDuty | Findings |
| CSPM-AWS-2024-0555 | Ensure S3 Protection is Enabled for GuardDuty | GuardDuty | Findings |
| CSPM-AWS-2024-0556 | Ensure Malware Protection is Enabled for Amazon EC2 in GuardDuty | GuardDuty | Findings |
| CSPM-AWS-2024-0557 | Ensure AWS Config Rules Compliance | ConfigService | ConfigRule |
| CSPM-AWS-2024-0559 | Ensure SSM Parameters are Encrypted | SSM | Parameters |
| CSPM-AWS-2024-0560 | Enforce VPC-Only Access for SageMaker Domains | SageMaker | Domain |
| CSPM-AWS-2024-0562 | Ensure Glue Data Catalog Encryption at Rest | Glue | Catalog |
| CSPM-AWS-2024-0563 | Amazon S3 Encryption Misconfiguration – Ensure Encryption at Rest is Enabled | Glue | SecurityConfiguration |
| CSPM-AWS-2024-0564 | Ensure CloudWatch Logs Encryption for AWS Glue is Enabled | Glue | SecurityConfiguration |
| CSPM-AWS-2024-0565 | AWS Glue Job Bookmark Encryption Configuration | Glue | SecurityConfiguration |
| CSPM-AWS-2024-0566 | Ensure Secrets Manager is Utilized | SecretsManager | Secrets |
| CSPM-AWS-2024-0567 | EKS Security Groups Configuration | EKS | SecurityGroups |
| CSPM-AWS-2024-0568 | Ensure Latest ECS Container Instance Agent Version | ECS | ContainerInstance |
| CSPM-AWS-2024-0569 | AWS Well-Architected Tool Usage Verification | WellArchitected | Workloads |
| CSPM-AWS-2024-0570 | Detection of High and Medium Risk Issues from AWS Well-Architected Tool | WellArchitected | Workloads |
| CSPM-AWS-2024-0576 | Ensure Descriptive Text for EC2 Security Group Rules | EC2 | SecurityGroupRules |
| CSPM-AWS-2024-0577 | Default Security Group Detected – Avoid ‘launch-wizard’ Prefixed Groups | EC2 | Instances |
| CSPM-AWS-2024-0578 | Outdated EC2 AMI | EC2 | Images |
| CSPM-AWS-2024-0589 | Ensure Redshift Clusters Do Not Use Default Port 5439 | Redshift | Clusters |
| CSPM-AWS-2024-0590 | Resource Tagging not present | ResourceGroupsTaggingAPI | Resources |
| CSPM-AWS-2024-0591 | AWS SES Identity Verification | SES | Identity |
| CSPM-AWS-2024-0592-01 | ElastiCache Cluster Non-Default Port Enforcement (Redis Cluster) | ElastiCache | ReplicationGroups |
| CSPM-AWS-2024-0592-02 | ElastiCache Cluster Non-Default Port Enforcement (Memcached Cluster) | ElastiCache | CacheClusters |
| CSPM-AWS-2024-0593 | Detect ACM Certificates with Wildcard Domain Names | ACM | Certificate |
| CSPM-AWS-2024-0594 | Ensure Latest Apache ActiveMQ Engine Version for Amazon MQ Brokers | MQ | Broker |
| CSPM-AWS-EKS-2024-0001 | Insufficient Control Plane Logging | EKS | Cluster |
| CSPM-AWS-EKS-2024-0002 | KMS Encryption Disabled | EKS | Cluster |
| CSPM-AWS-EKS-2024-0003 | Publicly Accessible API Server | EKS | Cluster |
