SecPod  – Documentation


Implementing SecPod Regional Rules in AWS

| Rule ID | Title | Service Type | Resource Type |
|---|---|---|---|
| CSPM-AWS-2024-0002 | ACM Certificate with Transparency Logging Set to Disabled | ACM | ACM Certificate |
| CSPM-AWS-2024-0008 | Trails lack integration with CloudWatch | CloudTrail | Trails |
| CSPM-AWS-2024-0009 | CloudTrail Data Events Logging Not Configured | CloudTrail | Trails |
| CSPM-AWS-2024-0010 | CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs). | CloudTrail | Trails |
| CSPM-AWS-2024-0011 | Logging for Global services is Disabled for Trail | CloudTrail | Trails |
| CSPM-AWS-2024-0012 | CloudTrail Log File Validation is Disabled | CloudTrail | Trails |
| CSPM-AWS-2024-0013 | Logging Disabled for Trails | CloudTrail | Trails |
| CSPM-AWS-2024-0014 | CloudTrail Service Not Configured | CloudTrail | Trails |
| CSPM-AWS-2024-0015 | Configuration of CloudTrail Data Logging does not include all Resources | CloudTrail | EventSelector |
| CSPM-AWS-2024-0016 | CloudWatch Alarm without Action | CloudWatch | Alarm |
| CSPM-AWS-2024-0017 | AWS Config Recorders Not Enabled | ConfigService | ConfigurationRecorders |
| CSPM-AWS-2024-0018 | AMIs are Publicly Accessible | EC2 | Images |
| CSPM-AWS-2024-0019 | Use of Default Security Groups | EC2 | Instances |
| CSPM-AWS-2024-0020 | Non-empty Default Security Group Rulesets | EC2 | SecurityGroups |
| CSPM-AWS-2024-0021 | Unencrypted EBS Snapshot | EC2 | Snapshots |
| CSPM-AWS-2024-0022 | Publicly Accessible EBS Snapshot | EC2 | Snapshots |
| CSPM-AWS-2024-0023 | Unencrypted EBS Volume irrespective of its state | EC2 | Volumes |
| CSPM-AWS-2024-0024 | EC2 Instance Belongs to Specific Security Group | EC2 | Instances |
| CSPM-AWS-2024-0026 | Use of Restricted Instance Types | EC2 | Instances |
| CSPM-AWS-2024-0027 | EC2 Instance is Assigned a Public IP Address | EC2 | Instances |
| CSPM-AWS-2024-0029 | EC2 Security Group Allows Access to All Ports | EC2 | SecurityGroups |
| CSPM-AWS-2024-0032 | All ICMP Traffic Permitted by EC2 Security Group | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-01 | Security Group Allows Unrestricted Access through “MySQL” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-02 | Security Group Allows Unrestricted Access through “DNS” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-03 | Security Group Allows Unrestricted Access through “MongoDB” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-04 | Security Group Allows Unrestricted Access through “MsSQL” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-05 | Security Group Allows Unrestricted Access through “Oracle DB” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-06 | Security Group Allows Unrestricted Access through “PostgreSQL” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-07 | Security Group Allows Unrestricted Access through “RDP” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-08 | Security Group Allows Unrestricted Access through “SSH” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-09 | Security Group Allows Unrestricted Access through “NFS” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-10 | Security Group Allows Unrestricted Access through “SMTP” Well-Known Port | EC2 | SecurityGroups |
| CSPM-AWS-2024-0034-01 | Security Group Allows Access through Port FTP | EC2 | SecurityGroups |
| CSPM-AWS-2024-0034-02 | Security Group Allows Access through Port Telnet | EC2 | SecurityGroups |
| CSPM-AWS-2024-0042 | Unused Security Group | EC2 | SecurityGroups |
| CSPM-AWS-2024-0043 | Elastic Load Balancer (ELB) Allows Clear Text (HTTP) Communication | ElasticLoadBalancing | LoadBalancer |
| CSPM-AWS-2024-0044 | Absence of Elastic Load Balancer (ELB) Access Logs | ElasticLoadBalancing | LoadBalancer |
| CSPM-AWS-2024-0045 | An Old SSL/TLS Policy Detected | ElasticLoadBalancing | LoadBalancer |
| CSPM-AWS-2024-0046 | Drop Invalid Header Fields Disabled | ElasticLoadBalancingv2 | LoadBalancer |
| CSPM-AWS-2024-0047 | Elastic Load Balancer (ELBv2) Permits Clear Text (HTTP) Communication | ElasticLoadBalancingv2 | Listener |
| CSPM-AWS-2024-0048 | Lack of ELBv2 Access Logs | ElasticLoadBalancingv2 | LoadBalancer |
| CSPM-AWS-2024-0049 | ELBv2 Lacks Deletion Protection | ElasticLoadBalancingv2 | LoadBalancer |
| CSPM-AWS-2024-0050 | An Old SSL/TLS Policy Detected (ELBv2) | ElasticLoadBalancingv2 | Listener |
| CSPM-AWS-2024-0092 | Rotation disabled for KMS Symmetric Customer Master Keys (CMKs) | KMS | Keys |
| CSPM-AWS-2024-0093 | No CloudWatch Alarm Monitoring for “AWS Configuration Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0094 | No CloudWatch Alarm Monitoring for “CloudTrail Configuration Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0095 | No CloudWatch Alarm for “Disabled or Deleted Master Keys” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0096 | No CloudWatch Alarm for “Failed Console Authentications” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0097 | No CloudWatch Alarm for “IAM Policy Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0098 | No CloudWatch Alarm for “Network Access Control Lists Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0099 | No CloudWatch Alarm for “Network Gateways Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0100 | No CloudWatch Alarm for “Root Account Usage” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0101 | No CloudWatch Alarm for “Route Table Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0102 | No CloudWatch Alarm for “S3 Bucket Policy Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0103 | No CloudWatch Alarm for “Console Logins without MFA” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0104 | No CloudWatch Alarm for “Console Logins without MFA” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0105 | No CloudWatch Alarm for “Unauthorized API Calls” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0106 | No CloudWatch Alarm for “VPC Changes” | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0107 | RDS Instance Backup Disabled | RDS | DBInstances |
| CSPM-AWS-2024-0108 | A Deprecated Certificate Authority found in the RDS Instance | RDS | DBInstances |
| CSPM-AWS-2024-0109 | Auto Minor Version Upgrade Disabled in the RDS Instance | RDS | DBInstances |
| CSPM-AWS-2024-0110 | The RDS Instance is Publicly Accessible | RDS | DBInstances |
| CSPM-AWS-2024-0111 | The Backup Retention Time is Short in RDS Instances | RDS | DBInstances |
| CSPM-AWS-2024-0112 | Single AZ RDS Instance lacks the automatic failover capability | RDS | DBInstances |
| CSPM-AWS-2024-0113 | RDS Instance Storage Not Encrypted | RDS | DBInstances |
| CSPM-AWS-2024-0114 | Invalid Legacy SSL Certificate (PostgreSQL) found for RDS DB Instance | RDS | DBInstances |
| CSPM-AWS-2024-0115 | RDS Instance Security Group allows All IP Addresses | RDS | DBSecurityGroup |
| CSPM-AWS-2024-0116 | Publicly Accessible RDS DB Snapshot | RDS | DBSnapshot |
| CSPM-AWS-2024-0117 | Redshift data in the cluster is not encrypted at rest | Redshift | Cluster |
| CSPM-AWS-2024-0118 | Redshift Cluster Version Upgrade is Disabled | Redshift | Cluster |
| CSPM-AWS-2024-0119 | Redshift Cluster is Publicly accessible | Redshift | Cluster |
| CSPM-AWS-2024-0120 | Disabled User Activity Logging for Redshift Cluster | Redshift | ParameterGroup |
| CSPM-AWS-2024-0121 | SSL is not required for Redshift Cluster Parameter Groups | Redshift | ParameterGroups |
| CSPM-AWS-2024-0122 | All Traffic is Allowed by the Redshift Cluster Security Group | Redshift | ClusterSecurityGroups |
| CSPM-AWS-2024-0127 | S3 Bucket has Disabled Default Encryption | S3 | Buckets |
| CSPM-AWS-2024-0128 | Logging of S3 bucket Access is Disabled | S3 | Buckets |
| CSPM-AWS-2024-0129 | S3 Bucket without Multi-Factor Authentication (MFA) Delete | S3 | Buckets |
| CSPM-AWS-2024-0130 | S3 Bucket has No Versioning | S3 | Buckets |
| CSPM-AWS-2024-0138 | SQS Queue Server with Disabled Encryption | SQS | Queue |
| CSPM-AWS-2024-0142 | Unused Network ACLs detected | EC2 | NetworkAcl |
| CSPM-AWS-2024-0143 | VPC Routing Table fails to Maintain High Selectivity in Peering | EC2 | RouteTable |
| CSPM-AWS-2024-0146 | VPC Subnet Lacks a Flow Log | EC2 | FlowLog |
| CSPM-AWS-2024-0147 | S3 bucket access logging is not enabled on the CloudTrail S3 bucket | CloudTrail | Trails |
| CSPM-AWS-2024-0148 | CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events | CloudTrail | Trails |
| CSPM-AWS-2024-0149 | Encryption should be enabled at-rest in CloudTrail. | CloudTrail | Trails |
| CSPM-AWS-2024-0151 | Enable Amazon EBS encryption by default for your account in the current region. | EC2 | Volumes |
| CSPM-AWS-2024-0152 | Ensure that only IMDSv2 is permitted by EC2 Metadata Service. | EC2 | Instances |
| CSPM-AWS-2024-0154 | EFS file systems do not have encryption enabled. | EFS | FileSystems |
| CSPM-AWS-2024-0155 | Ensure that IAM Access analyzer is enabled for all regions | AccessAnalyzer | Analyzer |
| CSPM-AWS-2024-0160 | IAM instance roles are used for AWS resource access from instances | EC2 | Instances |
| CSPM-AWS-2024-0162 | Ensure AWS Organizations changes are monitored using CloudWatchLogs | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0164 | At the bucket level, the S3 Block Public Access setting needs to be enabled. | S3 | Buckets |
| CSPM-AWS-2024-0165 | Enabling the S3 Block Public Access setting is necessary. | S3 | Buckets |
| CSPM-AWS-2024-0166 | Ensure AWS Security Hub is enabled | SecurityHub | Hub |
| CSPM-AWS-2024-0167 | In every VPC, VPC flow logging must be enabled. | EC2 | FlowLog |
| CSPM-AWS-2024-0173 | API Gateway REST and WebSocket API execution logging should be enabled | APIGateway | Stages |
| CSPM-AWS-2024-0174 | API Gateway REST API stages should be configured to use SSL certificates for backend authentication | APIGateway | Stages |
| CSPM-AWS-2024-0175 | API Gateway REST API stages should have AWS X-Ray tracing enabled | APIGateway | Stages |
| CSPM-AWS-2024-0176 | API Gateway should be associated with a WAF Web ACL | APIGateway | Stages |
| CSPM-AWS-2024-0177 | API Gateway REST API cache data should be encrypted at rest | APIGateway | Stages |
| CSPM-AWS-2024-0178 | API Gateway routes should specify an authorization type | APIGateway | Stages |
| CSPM-AWS-2024-0179 | Access logging should be configured for API Gateway V2 Stages | APIGateway | Stages |
| CSPM-AWS-2024-0180 | AWS AppSync GraphQL APIs should not be authenticated with API keys | AppSync | AppSync Graphql APIs |
| CSPM-AWS-2024-0182 | Amazon EC2 Auto Scaling group should cover multiple Availability Zones | AutoScaling | AutoScalingGroups |
| CSPM-AWS-2024-0183 | Auto Scaling group launch configurations should configure EC2 instances to require Instance Metadata Service Version 2 (IMDSv2) | AutoScaling | LaunchConfigurations |
| CSPM-AWS-2024-0184 | Amazon EC2 instances launched using Auto Scaling group launch configurations should not have Public IP addresses | AutoScaling | LaunchConfigurations |
| CSPM-AWS-2024-0185 | Auto Scaling groups should use multiple instance types in multiple Availability Zones | AutoScaling | AutoScalingGroups |
| CSPM-AWS-2024-0186 | EC2 Auto Scaling groups should use EC2 launch templates | AutoScaling | AutoScalingGroups |
| CSPM-AWS-2024-0187 | AWS Backup recovery points should be encrypted at rest | Backup | BackupRecoveryPoints |
| CSPM-AWS-2024-0197 | CloudWatch log groups should be retained for a specified time period | CloudWatch | CloudWatchLogGroups |
| CSPM-AWS-2024-0200 | CodeBuild S3 logs should be encrypted | CodeBuild | CodeBuildS3Logs |
| CSPM-AWS-2024-0201 | CodeBuild project environments should have a logging configuration | CodeBuild | CodeBuildProject |
| CSPM-AWS-2024-0202 | AWS Config should be enabled | Config | ConfigurationRecorder |
| CSPM-AWS-2024-0203 | Firehose delivery streams should be encrypted at rest | DataFirehose | DeliveryStream |
| CSPM-AWS-2024-0204 | Database Migration Service replication instances should not be public | DMS | ReplicationInstances |
| CSPM-AWS-2024-0205 | DMS endpoints for Neptune databases should have IAM authorization enabled | DMS | DMSEndpoints |
| CSPM-AWS-2024-0206 | DMS endpoints for MongoDB should have an authentication mechanism enabled | DMS | DMSEndpoints |
| CSPM-AWS-2024-0207 | DMS endpoints for Redis should have TLS enabled | DMS | DMSEndpoints |
| CSPM-AWS-2024-0208 | DMS replication instances should have automatic minor version upgrade enabled | DMS | ReplicationInstances |
| CSPM-AWS-2024-0209 | DMS replication tasks for the target database should have logging enabled | DMS | ReplicationTasks |
| CSPM-AWS-2024-0210 | DMS replication tasks for the source database should have logging enabled | DMS | ReplicationTasks |
| CSPM-AWS-2024-0211 | DMS endpoints should use SSL | DMS | DMSEndpoints |
| CSPM-AWS-2024-0212 | Amazon DocumentDB clusters should be encrypted at rest | DocumentDB | DocumentDBCluster |
| CSPM-AWS-2024-0213 | Amazon DocumentDB clusters should have an adequate backup retention period | DocumentDB | DocumentDBCluster |
| CSPM-AWS-2024-0214 | Amazon DocumentDB manual cluster snapshots should not be public | DocumentDB | DocumentDBManualCluster |
| CSPM-AWS-2024-0215 | Amazon DocumentDB clusters should publish audit logs to CloudWatch Logs | DocumentDB | DocumentDBCluster |
| CSPM-AWS-2024-0216 | Amazon DocumentDB clusters should have deletion protection enabled | DocumentDB | DocumentDBCluster |
| CSPM-AWS-2024-0217 | DynamoDB tables should automatically scale capacity with demand | DynamoDB | DynamoDBTable |
| CSPM-AWS-2024-0218 | DynamoDB tables should have point-in-time recovery enabled | DynamoDB | DynamoDBTable |
| CSPM-AWS-2024-0219 | DynamoDB Accelerator (DAX) clusters should be encrypted at rest | DynamoDB | DAXCluster |
| CSPM-AWS-2024-0220 | DynamoDB tables should be present in a backup plan | DynamoDB | DynamoDBTable |
| CSPM-AWS-2024-0221 | DynamoDB tables should have deletion protection enabled | DynamoDB | DynamoDBTable |
| CSPM-AWS-2024-0222 | DynamoDB Accelerator clusters should be encrypted in transit | DynamoDB | DAXCluster |
CSPM-AWS-2024-0224Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 serviceEC2Instances
CSPM-AWS-2024-0225Unused EC2 EIPs should be removedEC2Addresses
CSPM-AWS-2024-0226EC2 subnets should not automatically assign public IP addressesEC2Subnet
CSPM-AWS-2024-0227Unused Network Access Control Lists should be removedEC2NetworkAcls
CSPM-AWS-2024-0228EC2 instances should not use multiple ENIsEC2Instances
CSPM-AWS-2024-0229Security groups should only allow unrestricted incoming traffic for authorized portsEC2SecurityGroups
CSPM-AWS-2024-0230Both VPN tunnels for an AWS Site-to-Site VPN connection should be upEC2VPCConnections
CSPM-AWS-2024-0231EC2 Transit Gateways should not automatically accept VPC attachment requestsEC2TransitGateway
CSPM-AWS-2024-0232EC2 paravirtual instance types should not be usedEC2Instances
CSPM-AWS-2024-0233EC2 launch templates should not assign public IPs to network interfacesEC2LaunchTemplate
CSPM-AWS-2024-0234EBS volumes should be in a backup planBackupBackupSelection
CSPM-AWS-2024-0236Stopped EC2 instances should be removed after a specified time periodEC2Instances
CSPM-AWS-2024-0237EC2 Client VPN endpoints should have client connection logging enabledEC2ClientVPNEndpoint
CSPM-AWS-2024-0238ECR private repositories should have image scanning configuredECRRepository
CSPM-AWS-2024-0239ECR private repositories should have tag immutability configuredECRRepository
CSPM-AWS-2024-0240ECR repositories should have at least one lifecycle policy configuredECRRepository
CSPM-AWS-2024-0241Amazon ECS task definitions should have secure networking modes and user definitionsECSTaskDefinition
CSPM-AWS-2024-0242ECS Fargate services should run on the latest Fargate platform versionECSService
CSPM-AWS-2024-0243ECS clusters should use Container InsightsECSCluster
CSPM-AWS-2024-0244ECS services should not have public IP addresses assigned to them automaticallyECSService
CSPM-AWS-2024-0245ECS task definitions should not share the host’s process namespaceECSTaskDefinition
CSPM-AWS-2024-0246ECS containers should run as non-privilegedECSTaskDefinition
CSPM-AWS-2024-0247ECS containers should be limited to read-only access to root filesystemsECSTaskDefinition
CSPM-AWS-2024-0248Secrets should not be passed as container environment variablesECSTaskDefinition
CSPM-AWS-2024-0249ECS task definitions should have a logging configurationECSTaskDefinition
CSPM-AWS-2024-0250Elastic File System should be configured to encrypt file data at-rest using AWS KMSEFSFileSystems
CSPM-AWS-2024-0251Amazon EFS volumes should be in backup plansBackupBackupSelection
CSPM-AWS-2024-0252EFS access points should enforce a root directoryEFSAccessPoint
CSPM-AWS-2024-0253EFS access points should enforce a user identityEFSAccessPoint
CSPM-AWS-2024-0254EKS clusters should run on a supported Kubernetes versionEKSCluster
CSPM-AWS-2024-0255ElastiCache Redis clusters should have automatic backup enabledElastiCacheCacheClusters
CSPM-AWS-2024-0256ElastiCache for Redis cache clusters should have auto minor version upgrades enabledElastiCacheCacheClusters
CSPM-AWS-2024-0257ElastiCache replication groups should have automatic failover enabledElastiCacheReplicationGroups
CSPM-AWS-2024-0258ElastiCache replication groups should have encryption-at-rest enabledElastiCacheReplicationGroups
CSPM-AWS-2024-0259ElastiCache replication groups should have encryption-in-transit enabledElastiCacheReplicationGroups
CSPM-AWS-2024-0260ElastiCache for Redis replication groups before version 6.0 should use Redis AUTHElastiCacheReplicationGroups
CSPM-AWS-2024-0261ElastiCache clusters should not use the default subnet groupElastiCacheCacheClusters
CSPM-AWS-2024-0262Elastic Beanstalk environments should have enhanced health reporting enabledElasticBeanstalkEnvironment
CSPM-AWS-2024-0263Elastic Beanstalk managed platform updates should be enabledElasticBeanstalkEnvironment
CSPM-AWS-2024-0264Application Load Balancer should be configured to redirect all HTTP requests to HTTPSELBv2ApplicationLoadBalancer
CSPM-AWS-2024-0265Classic Load Balancer should span multiple Availability ZonesELBLoadBalancers
CSPM-AWS-2024-0266Application Load Balancer should be configured with defensive or strictest desync mitigation modeELBv2LoadBalancer
CSPM-AWS-2024-0267Application, Network and Gateway Load Balancers should span multiple Availability ZonesELBv2LoadBalancer
CSPM-AWS-2024-0268Classic Load Balancer should be configured with defensive or strictest desync mitigation modeELBLoadBalancer
CSPM-AWS-2024-0270Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate ManagerELBLoadBalancer
CSPM-AWS-2024-0271Classic Load Balancers should have connection draining enabledELBLoadBalancer
CSPM-AWS-2024-0273Classic Load Balancers should have cross-zone load balancing enabledELBLoadBalancer
CSPM-AWS-2024-0274Amazon EMR cluster primary nodes should not have public IP addressesEMREMRCluster
CSPM-AWS-2024-0275Amazon EMR block public access setting should be enabledEMREMRCluster
CSPM-AWS-2024-0276Elasticsearch domains should have encryption at-rest enabledESElasticSearchDomain
CSPM-AWS-2024-0277Elasticsearch domains should not be publicly accessibleESElasticSearchDomain
CSPM-AWS-2024-0278Elasticsearch domains should encrypt data sent between nodesESElasticSearchDomain
CSPM-AWS-2024-0279Elasticsearch domain error logging to CloudWatch Logs should be enabledESElasticSearchDomain
CSPM-AWS-2024-0280Elasticsearch domains should have audit logging enabledESElasticSearchDomain
CSPM-AWS-2024-0281Elasticsearch domains should have at least three data nodesESElasticSearchDomain
CSPM-AWS-2024-0282Elasticsearch domains should be configured with at least three dedicated master nodesESElasticSearchDomain
CSPM-AWS-2024-0283Connections to Elasticsearch domains should be encrypted using the latest TLS security policyESElasticSearchDomain
CSPM-AWS-2024-0284EventBridge custom event buses should have a resource-based policy attachedEventBridgeEventBus
CSPM-AWS-2024-0285EventBridge global endpoints should have event replication enabledEventBridgeEndpoint
CSPM-AWS-2024-0286FSx for OpenZFS file systems should be configured to copy tags to backups and volumesFSxFileSystem
CSPM-AWS-2024-0287FSx for Lustre file systems should be configured to copy tags to backupsFSxFileSystem
CSPM-AWS-2024-0288GuardDuty should be enabledGuardDutyAccount
CSPM-AWS-2024-0290Kinesis streams should be encrypted at restKinesisStream
CSPM-AWS-2024-0293AWS KMS keys should not be deleted unintentionallyKMSKey
CSPM-AWS-2024-0294Lambda function policies should prohibit public accessLambdaLambdaFunction
CSPM-AWS-2024-0295Lambda functions should use supported runtimesLambdaLambdaFunction
CSPM-AWS-2024-0296Lambda functions should be in a VPCLambdaLambdaFunction
CSPM-AWS-2024-0298Macie should be enabledMacieSession
CSPM-AWS-2024-0299Macie automated sensitive data discovery should be enabledMacieAccount
CSPM-AWS-2024-0300ActiveMQ brokers should stream audit logs to CloudWatchMQBroker
CSPM-AWS-2024-0301Amazon MQ brokers should have automatic minor version upgrade enabledMQBroker
CSPM-AWS-2024-0302ActiveMQ brokers should use active/standby deployment modeMQBroker
CSPM-AWS-2024-0303RabbitMQ brokers should use cluster deployment modeMQBroker
CSPM-AWS-2024-0304MSK clusters should be encrypted in transit among broker nodesMSKCluster
CSPM-AWS-2024-0305MSK clusters should have enhanced monitoring configuredMSKCluster
CSPM-AWS-2024-0306Neptune DB clusters should be encrypted at restNeptuneDBCluster
CSPM-AWS-2024-0307Neptune DB clusters should publish audit logs to CloudWatch LogsNeptuneDBCluster
CSPM-AWS-2024-0308Neptune DB cluster snapshots should not be publicNeptuneDBClusterSnapshot
CSPM-AWS-2024-0309Neptune DB clusters should have deletion protection enabledNeptuneDBCluster
CSPM-AWS-2024-0310Neptune DB clusters should have automated backups enabledNeptuneDBCluster
CSPM-AWS-2024-0311Neptune DB cluster snapshots should be encrypted at restNeptuneDBClusterSnapshot
CSPM-AWS-2024-0312Neptune DB clusters should have IAM database authentication enabledNeptuneDBCluster
CSPM-AWS-2024-0313Neptune DB clusters should be configured to copy tags to snapshotsNeptuneDBCluster
CSPM-AWS-2024-0314Neptune DB clusters should be deployed across multiple Availability ZonesNeptuneDBCluster
CSPM-AWS-2024-0315Network Firewall firewalls should be deployed across multiple Availability ZonesNetworkFirewallFirewall
CSPM-AWS-2024-0316Network Firewall logging should be enabledNetworkFirewallLoggingConfiguration
CSPM-AWS-2024-0317Network Firewall policies should have at least one rule group associatedNetworkFirewallFirewallPolicy
CSPM-AWS-2024-0318The default stateless action for Network Firewall policies should be drop or forward for full packetsNetworkFirewallFirewallPolicy
CSPM-AWS-2024-0319The default stateless action for Network Firewall policies should be drop or forward for fragmented packetsNetworkFirewallFirewallPolicy
CSPM-AWS-2024-0320Stateless network firewall rule group should not be emptyNetworkFirewallRuleGroup
CSPM-AWS-2024-0321Network Firewall firewalls should have deletion protection enabledNetworkFirewallFirewall
CSPM-AWS-2024-0322OpenSearch domains should have encryption at rest enabledOpensearchDomain
CSPM-AWS-2024-0323OpenSearch domains should have the latest software update installedOpensearchDomain
CSPM-AWS-2024-0324OpenSearch domains should have at least three dedicated primary nodesOpensearchDomain
CSPM-AWS-2024-0325OpenSearch domains should not be publicly accessibleOpensearchDomain
CSPM-AWS-2024-0326OpenSearch domains should encrypt data sent between nodesOpensearchDomain
CSPM-AWS-2024-0328OpenSearch domains should have audit logging enabledOpensearchDomain
CSPM-AWS-2024-0329OpenSearch domains should have at least three data nodesOpensearchDomain
CSPM-AWS-2024-0330OpenSearch domains should have fine-grained access control enabledOpensearchDomain
CSPM-AWS-2024-0331Connections to OpenSearch domains should be encrypted using the latest TLS security policyOpensearchDomain
CSPM-AWS-2024-0332AWS Private CA root certificate authority should be disabledPCACertificateAuthority
CSPM-AWS-2024-0333IAM authentication should be configured for RDS instancesRDSDBInstances
CSPM-AWS-2024-0334IAM authentication should be configured for RDS clustersRDSDBCluster
CSPM-AWS-2024-0335Amazon Aurora clusters should have backtracking enabledRDSDBCluster
CSPM-AWS-2024-0336RDS DB clusters should be configured for multiple Availability ZonesRDSDBCluster
CSPM-AWS-2024-0337RDS DB clusters should be configured to copy tags to snapshotsRDSDBCluster
CSPM-AWS-2024-0338RDS DB instances should be configured to copy tags to snapshotsRDSDBInstances
CSPM-AWS-2024-0339RDS instances should be deployed in a VPCRDSDBInstances
CSPM-AWS-2024-0340Existing RDS event notification subscriptions should be configured for critical cluster eventsRDSEventSubscription
CSPM-AWS-2024-0341Existing RDS event notification subscriptions should be configured for critical database instance eventsRDSEventSubscription
CSPM-AWS-2024-0342An RDS event notifications subscription should be configured for critical database parameter group eventsRDSEventSubscription
CSPM-AWS-2024-0343An RDS event notifications subscription should be configured for critical database security group eventsRDSEventSubscription
CSPM-AWS-2024-0344RDS instances should not use a database engine default portRDSDBInstances
CSPM-AWS-2024-0345RDS Database Clusters should use a custom administrator usernameRDSDBCluster
CSPM-AWS-2024-0346RDS database instances should use a custom administrator usernameRDSDBInstances
CSPM-AWS-2024-0347RDS DB instances should be protected by a backup planRDSDBInstances
CSPM-AWS-2024-0348RDS DB clusters should be encrypted at restRDSDBCluster
CSPM-AWS-2024-0349RDS DB instances should have encryption at-rest enabledRDSDBInstances
CSPM-AWS-2024-0350Aurora MySQL DB clusters should publish audit logs to CloudWatch LogsRDSDBClusters
CSPM-AWS-2024-0351RDS DB clusters should have automatic minor version upgrade enabledRDSDBCluster
CSPM-AWS-2024-0352RDS cluster snapshots and database snapshots should be encrypted at restRDSDBSnapshots
CSPM-AWS-2024-0353Enhanced monitoring should be configured for RDS DB instancesRDSDBInstances
CSPM-AWS-2024-0354RDS clusters should have deletion protection enabledRDSDBInstances
CSPM-AWS-2024-0355RDS DB instances should have deletion protection enabledRDSDBInstances
CSPM-AWS-2024-0356RDS DB instances should publish logs to CloudWatch LogsRDSDBInstances
CSPM-AWS-2024-0357Connections to Amazon Redshift clusters should be encrypted in transitRedshiftCluster, ClusterParameterGroup
CSPM-AWS-2024-0358Amazon Redshift clusters should have automatic snapshots enabledRedshiftCluster
CSPM-AWS-2024-0359Redshift clusters should use enhanced VPC routingRedshiftCluster
CSPM-AWS-2024-0360Amazon Redshift clusters should not use the default Admin usernameRedshiftCluster
CSPM-AWS-2024-0361Redshift clusters should not use the default database nameRedshiftCluster
CSPM-AWS-2024-0363S3 general purpose buckets with versioning enabled should have Lifecycle configurationsS3Buckets
CSPM-AWS-2024-0364S3 general purpose buckets should have event notifications enabledS3Buckets
CSPM-AWS-2024-0365ACLs should not be used to manage user access to S3 general purpose bucketsS3Buckets
CSPM-AWS-2024-0366S3 general purpose buckets should have Lifecycle configurationsS3Buckets
CSPM-AWS-2024-0367S3 general purpose buckets should have Object Lock enabledS3Buckets
CSPM-AWS-2024-0368S3 general purpose buckets should be encrypted at rest with AWS KMS keysS3Buckets
CSPM-AWS-2024-0369S3 access points should have block public access settings enabledS3AccessPoint
CSPM-AWS-2024-0370S3 general purpose bucket policies should restrict access to other AWS accountsS3Buckets
CSPM-AWS-2024-0371S3 general purpose buckets should use cross-Region replicationS3Buckets
CSPM-AWS-2024-0372Amazon SageMaker notebook instances should not have direct internet accessSageMakerNotebookInstances
CSPM-AWS-2024-0373SageMaker notebook instances should be launched in a custom VPCSageMakerNotebookInstances
CSPM-AWS-2024-0374Users should not have root access to SageMaker notebook instancesSageMakerNotebookInstances
CSPM-AWS-2024-0375SageMaker endpoint production variants should have an initial instance count greater than 1SageMakerEndpoint
CSPM-AWS-2024-0376Secrets Manager secrets should have automatic rotation enabledSecretsManagerSecret
CSPM-AWS-2024-0377Secrets Manager secrets configured with automatic rotation should rotate successfullySecretsManagerSecret
CSPM-AWS-2024-0379Secrets Manager secrets should be rotated within a specified number of daysSecretsManagerSecret
CSPM-AWS-2024-0380Service Catalog portfolios should be shared within an AWS organization onlyServiceCatalogPortfolio
CSPM-AWS-2024-0381SNS topics should be encrypted at-rest using AWS KMSSNSTopic
CSPM-AWS-2024-0382EC2 instances should be managed by AWS Systems ManagerSSMInstances
CSPM-AWS-2024-0383EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installationSSMPatchCompliance
CSPM-AWS-2024-0384EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANTSSMAssociationCompliance
CSPM-AWS-2024-0385SSM documents should not be publicSSMDocument
CSPM-AWS-2024-0386Transfer Family servers should not use FTP protocol for endpoint connectionTransferServer
CSPM-AWS-2024-0397At least one CloudTrail trail should be enabledCloudTrailTrails
CSPM-AWS-2024-0398A log metric filter and alarm should exist for usage of the “root” userCloudWatchLogsMetricFilter
CSPM-AWS-2024-0403ECR Repository Should Not Be PublicECRRepository
CSPM-AWS-2024-0404Lambda With Secrets As Environment VariablesLambdaFunctions
CSPM-AWS-2024-0407Detect Public ‘READ_ACP’ Access on S3 BucketsS3Buckets
CSPM-AWS-2024-0408Detect Public ‘WRITE’ ACL Access on S3 BucketsS3Buckets
CSPM-AWS-2024-0409Detect Public ‘WRITE_ACP’ ACL Access on S3 BucketsS3Buckets
CSPM-AWS-2024-0410Detect ‘READ’ Access for Authenticated AWS Users on S3 BucketsS3Buckets
CSPM-AWS-2024-0411Detect ‘READ_ACP’ Access for Authenticated AWS Users on S3 BucketsS3Buckets
CSPM-AWS-2024-0412Detect ‘WRITE’ Access for Authenticated AWS Users on S3 BucketsS3Buckets
CSPM-AWS-2024-0413Detect ‘WRITE_ACP’ Access for Authenticated AWS Users on S3 BucketsS3Buckets
CSPM-AWS-2024-0414Detect ‘FULL_CONTROL’ Access for Authenticated AWS Users on S3 BucketsS3Buckets
CSPM-AWS-2024-0416Ensure Encryption for AWS AMIs is EnabledEC2Images
CSPM-AWS-2024-0417Ensure EC2 Instances Are Not in Public SubnetsEC2Instances
CSPM-AWS-2024-0418Ensure Proper EC2 Security Group Configuration for ELBElasticLoadBalancingLoadBalancers
CSPM-AWS-2024-0419Review Internet-Facing Classic Load Balancers (CLBs) for SecurityElasticLoadBalancingLoadBalancers
CSPM-AWS-2024-0420Analyze Amazon Macie Finding Statistics for S3 BucketsS3Buckets
CSPM-AWS-2024-0427Detect IAM CreateLoginProfile ActivityCloudTrailEvents
CSPM-AWS-2024-0431Ensure Secure KMS Cross-Account AccessKMSKey
CSPM-AWS-2024-0432Ensure Secure SQS Cross-Account AccessSQSQueue
CSPM-AWS-2024-0433Ensure Redshift Clusters Are Encrypted with KMS Customer Managed KeysRedshiftCluster
CSPM-AWS-2024-0434Set Up AWS Billing Alarm to Monitor CostsCloudWatchAlarm
CSPM-AWS-2024-0435Ensure Metric Filter for Rejected Traffic in VPC Flow LogsCloudWatchLogsMetricFilter
CSPM-AWS-2024-0439Restrict Cross-Account Access to Amazon OpenSearch DomainsElasticsearchServiceElasticSearchDomain
CSPM-AWS-2024-0440Enable Amazon OpenSearch Domain Encryption with KMS Customer-Managed Keys (CMKs)ElasticsearchServiceElasticSearchDomain
CSPM-AWS-2024-0441Enable Storage Encryption for Amazon WorkSpacesWorkSpacesWorkspace
CSPM-AWS-2024-0442Enable In-Transit and At-Rest Encryption for Amazon EMR ClustersEMREMRCluster
CSPM-AWS-2024-0445Enable Encryption at Rest for Lambda Environment Variables using Customer Master KeysLambdaFunction
CSPM-AWS-2024-0446Enable IAM Authentication for Lambda Function URLsLambdaFunctionUrlConfigs
CSPM-AWS-2024-0447Kinesis Stream Not Encrypted With CMKKinesisStream
CSPM-AWS-2024-0448Amazon Macie Not EnabledMacieSession
CSPM-AWS-2024-0449Improper Security Group Configuration for ELBv2 ALBELBv2LoadBalancers
CSPM-AWS-2024-0450Unreviewed Internet-Facing ELBv2 Load BalancersELBv2LoadBalancers
CSPM-AWS-2024-0451Excessive SSM Session Length DetectedSSMSession
CSPM-AWS-2024-0452SageMaker Notebook Data Not Encrypted with Customer Managed KeysSageMakerNotebookInstances
CSPM-AWS-2024-0453Neptune Database Not Encrypted with Customer Managed KeysNeptuneDBInstances
CSPM-AWS-2024-0454Glue Data Catalog Not Encrypted with Customer Managed KeysGlueDataCatalog
CSPM-AWS-2024-0455X-Ray Data Not Encrypted with Customer Managed KeysXRayEncryptionConfig
CSPM-AWS-2024-0456Secrets Not Encrypted with Customer Managed KeysSecretsManagerSecret
CSPM-AWS-2024-0457DocumentDB Clusters Not Encrypted with KMS Customer Managed KeysDocumentDBDBCluster
CSPM-AWS-2024-0458DMS Replication Instances Not Encrypted with KMS Customer Managed KeysDMSReplicationInstances
CSPM-AWS-2024-0460Storage Gateway File Shares Not Encrypted with KMS Customer Managed KeysStoragegatewayFileShare
CSPM-AWS-2024-0461AWS Comprehend Analysis Job Results Not Encrypted with KMSComprehendEntitiesDetectionJob
CSPM-AWS-2024-0462Unresolved IAM Access Analyzer Findings DetectedAccessAnalyzerFindings
CSPM-AWS-2024-0463AppFlow Data Not Encrypted with KMS Customer Managed KeysAppFlowFlow
CSPM-AWS-2024-0464Agent Sessions Not Encrypted with Customer-Managed Keys in Amazon BedrockBedrockAgent
CSPM-AWS-2024-0465Agent Sessions Not Protected by Guardrails in Amazon BedrockBedrockAgent
CSPM-AWS-2024-0466Amazon Bedrock Guardrails Not Encrypted with Customer-Managed KeysBedrockGuardrails
CSPM-AWS-2024-0467Amazon Bedrock Custom Models Not Encrypted with Customer-Managed KeysBedrockCustomModel
CSPM-AWS-2024-0468Amazon Bedrock Guardrails Missing Sensitive Information FiltersBedrockGuardrails
CSPM-AWS-2024-0471EC2 Instance Launched Outside of a VPC DetectedEC2Instances
CSPM-AWS-2024-0472EC2 Instance Using Incorrect Tenancy ModelEC2Instances
CSPM-AWS-2024-0473EC2 Instance Not in an Auto Scaling GroupEC2Instances
CSPM-AWS-2024-0475Security Group Allowing Excessive RFC 1918 Private IP RangesEC2SecurityGroups
CSPM-AWS-2024-0476Unrestricted Security Group Egress DetectedEC2SecurityGroups
CSPM-AWS-2024-0477Unrestricted Telnet Access DetectedEC2SecurityGroups
CSPM-AWS-2024-0478Unrestricted RPC Access DetectedEC2SecurityGroups
CSPM-AWS-2024-0479Unrestricted NetBIOS Access DetectedEC2SecurityGroups
CSPM-AWS-2024-0480Unrestricted FTP Access DetectedEC2SecurityGroups
CSPM-AWS-2024-0481Unrestricted CIFS Access DetectedEC2SecurityGroup
CSPM-AWS-2024-0483Unrestricted HTTP Access DetectedEC2SecurityGroups
CSPM-AWS-2024-0484Unrestricted HTTPS Access DetectedEC2SecurityGroups
CSPM-AWS-2024-0485App-Tier EC2 Instance Using IAM RolesEC2Instances
CSPM-AWS-2024-0486EC2 Instances Scanned by Amazon Inspector ClassicInspectorAssessmentTarget
CSPM-AWS-2024-0487Unused EBS VolumesEC2Volumes
CSPM-AWS-2024-0488VPC Endpoint Cross Account AccessEC2VPCEndpoint
CSPM-AWS-2024-0490S3 Buckets with Website Hosting Configuration EnabledS3Buckets
CSPM-AWS-2024-0491CloudTrail Integrated With CloudWatchCloudTrailTrails
CSPM-AWS-2024-0492CloudTrail Delivery FailingCloudTrailTrails
CSPM-AWS-2024-0509Ensure KMS Customer Master Key (CMK) is Utilized for EBS VolumeEC2Volumes
CSPM-AWS-2024-0511SQS Queues Encrypted with KMS CMKsSQSQueue
CSPM-AWS-2024-0512CloudFormation Stack Notification IntegrationCloudFormationStack
CSPM-AWS-2024-0513Ensure CloudFormation Stack Policies Prevent Accidental UpdatesCloudFormationStack
CSPM-AWS-2024-0514Enable Termination Protection for CloudFormation StacksCloudFormationStack
CSPM-AWS-2024-0515AWS Config Global Resources InclusionConfigServiceConfigurationRecorder
CSPM-AWS-2024-0516AWS Config Log Delivery FailureConfigServiceConfigurationRecordersStatus
CSPM-AWS-2024-0519Ensure Redshift Clusters Are Launched in VPCRedshiftClusters
CSPM-AWS-2024-0522Ensure CloudWatch Events Are EnabledEventsEventBridgeRules
CSPM-AWS-2024-0524EC2 Instance Provisioning Alert – Large Instances DetectedCloudWatchAlarms
CSPM-AWS-2024-0525EC2 Instance Configuration and Status Change DetectedCloudWatchAlarms
CSPM-AWS-2024-0526AWS Organizations Configuration Changes Detected – Monitor for Unauthorized ModificationsCloudWatchAlarms
CSPM-AWS-2024-0527Ensure ElastiCache Clusters are Deployed in VPCElastiCacheCluster
CSPM-AWS-2024-0529ElastiCache Node Type ComplianceElastiCacheCluster
CSPM-AWS-2024-0530Ensure ElastiCache Engine Version ComplianceElastiCacheCluster
CSPM-AWS-2024-0531OpenSearch Cluster Nodes LimitElasticsearchServiceElasticSearchDomain
CSPM-AWS-2024-0532Ensure OpenSearch Cluster Instances are of Specified Instance TypesElasticsearchServiceElasticSearchDomain
CSPM-AWS-2024-0534Enforce Specific Amazon WorkSpaces Bundle TypesWorkSpacesBundle
CSPM-AWS-2024-0535Ensure ACM Certificate Requests Are ValidatedACMCertificate
CSPM-AWS-2024-0537Amazon Inspector Findings Detected – Address Security VulnerabilitiesInspectorFindings
CSPM-AWS-2024-0538Ensure No Amazon Inspector ExclusionsInspectorFindings
CSPM-AWS-2024-0539Ensure Amazon Inspector 2 is EnabledInspector2Inspector2
CSPM-AWS-2024-0540Comprehensive Trusted Advisor ChecksTrustedAdvisorTrustedAdvisorCheck
CSPM-AWS-2024-0542Amazon EMR Cluster Instance LimitEMRCluster
CSPM-AWS-2024-0543EMR Cluster Desired Instance TypesEMRCluster
CSPM-AWS-2024-0544Ensure Amazon EMR Clusters Are In VPCEMRCluster
CSPM-AWS-2024-0546Detect Lambda Functions with Admin PrivilegesLambdaPolicy
CSPM-AWS-2024-0547Ensure Lambda Functions Do Not Use Function URLsLambdaFunction
CSPM-AWS-2024-0549Amazon Macie Sensitive Data Repository ConfigurationMacie2Configuration
CSPM-AWS-2024-0550Amazon Macie Data Discovery Job ConfigurationMacie2Configuration
CSPM-AWS-2024-0551Ensure Private API Gateway EndpointsAPIGatewayEndpoint
CSPM-AWS-2024-0552API Gateway Client Certificate Misconfiguration – Verify SSL Certificate UsageAPIGatewayEndpoint
CSPM-AWS-2024-0554Detect and Resolve GuardDuty FindingsGuardDutyFindings
CSPM-AWS-2024-0555Ensure S3 Protection is Enabled for GuardDutyGuardDutyFindings
CSPM-AWS-2024-0556Ensure Malware Protection is Enabled for Amazon EC2 in GuardDutyGuardDutyFindings
CSPM-AWS-2024-0557Ensure AWS Config Rules ComplianceConfigServiceConfigRule
CSPM-AWS-2024-0559Ensure SSM Parameters are EncryptedSSMParameters
CSPM-AWS-2024-0560Enforce VPC-Only Access for SageMaker DomainsSageMakerDomain
CSPM-AWS-2024-0562Ensure Glue Data Catalog Encryption at RestGlueCatalog
CSPM-AWS-2024-0563Amazon S3 Encryption Misconfiguration – Ensure Encryption at Rest is EnabledGlueSecurityConfiguration
CSPM-AWS-2024-0564Ensure CloudWatch Logs Encryption for AWS Glue is EnabledGlueSecurityConfiguration
CSPM-AWS-2024-0565AWS Glue Job Bookmark Encryption ConfigurationGlueSecurityConfiguration
CSPM-AWS-2024-0566Ensure Secrets Manager is UtilizedSecretsManagerSecrets
CSPM-AWS-2024-0567EKS Security Groups ConfigurationEKSSecurityGroups
CSPM-AWS-2024-0568Ensure Latest ECS Container Instance Agent VersionECSContainerInstance
CSPM-AWS-2024-0569AWS Well-Architected Tool Usage VerificationWellArchitectedWorkloads
CSPM-AWS-2024-0570Detection of High and Medium Risk Issues from AWS Well-Architected ToolWellArchitectedWorkloads
CSPM-AWS-2024-0576Ensure Descriptive Text for EC2 Security Group RulesEC2SecurityGroupRules
CSPM-AWS-2024-0577Default Security Group Detected – Avoid ‘launch-wizard’ Prefixed GroupsEC2Instances
CSPM-AWS-2024-0578Outdated EC2 AMIEC2Images
CSPM-AWS-2024-0589Ensure Redshift Clusters Do Not Use Default Port 5439RedshiftClusters
CSPM-AWS-2024-0590Resource Tagging not presentResourceGroupsTaggingAPIResources
CSPM-AWS-2024-0591AWS SES Identity VerificationSESIdentity
CSPM-AWS-2024-0592-01ElastiCache Cluster Non-Default Port Enforcement (Redis Cluster)ElastiCacheReplicationGroups
CSPM-AWS-2024-0592-02ElastiCache Cluster Non-Default Port Enforcement (Memcached Cluster)ElastiCacheCacheClusters
CSPM-AWS-2024-0593Detect ACM Certificates with Wildcard Domain NamesACMCertificate
CSPM-AWS-2024-0594Ensure Latest Apache ActiveMQ Engine Version for Amazon MQ BrokersMQBroker
CSPM-AWS-EKS-2024-0001Insufficient Control Plane LoggingEKSCluster
CSPM-AWS-EKS-2024-0002KMS Encryption DisabledEKSCluster
CSPM-AWS-EKS-2024-0003Publicly Accessible API ServerEKSCluster

Implementing SecPod Global Rules in AWS
Copyright 2025 - SecPod. All Rights Reserved. Privacy Policy.
SanerNow Version 6.3.x