Benchmark | Rule ID | Title | Service Type | Resource Type |
---|---|---|---|---|
SOC_2 | CSPM-AWS-2024-0020 | Non-empty Default Security Group Rulesets | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0023 | Unencrypted EBS Volume irrespective of its state | EC2 | Volumes |
SOC_2 | CSPM-AWS-2024-0029 | EC2 Security Group Allows Access to All Ports | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0032 | All ICMP Traffic Permitted by EC2 Security Group | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0033-01 | Security Group Allows Unrestricted Access through “MySQL” Well-Known Port | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0033-02 | Security Group Allows Unrestricted Access through “DNS” Well-Known Port | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0033-03 | Security Group Allows Unrestricted Access through “MongoDB” Well-Known Port | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0033-04 | Security Group Allows Unrestricted Access through “MsSQL” Well-Known Port | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0033-05 | Security Group Allows Unrestricted Access through “Oracle DB” Well-Known Port | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0033-06 | Security Group Allows Unrestricted Access through “PostgreSQL” Well-Known Port | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0033-07 | Security Group Allows Unrestricted Access through “RDP” Well-Known Port | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0033-08 | Security Group Allows Unrestricted Access through “SSH” Well-Known Port | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0033-10 | Security Group Allows Unrestricted Access through “SMTP” Well-Known Port | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0067 | No Authorized User Is Allowed to Handle Issues with Amazon Support | IAM | Policies |
SOC_2 | CSPM-AWS-2024-0068 | Password Expiration Threshold Is Not Configured Or Exceeds The Specified Limit | IAM | AccountPasswordPolicy |
SOC_2 | CSPM-AWS-2024-0069 | The Minimum Password Length for IAM is Short | IAM | AccountPasswordPolicy |
SOC_2 | CSPM-AWS-2024-0071 | Password Policy Does Not Mandate Lowercase Characters | IAM | AccountPasswordPolicy |
SOC_2 | CSPM-AWS-2024-0072 | Password Policy Does Not Mandate a Number | IAM | AccountPasswordPolicy |
SOC_2 | CSPM-AWS-2024-0073 | Password Policy Does Not Mandate a Symbol | IAM | AccountPasswordPolicy |
SOC_2 | CSPM-AWS-2024-0074 | Password Policy Does Not Mandate Uppercase Characters | IAM | AccountPasswordPolicy |
SOC_2 | CSPM-AWS-2024-0075 | Password Policy Allows Reuse of Passwords | IAM | AccountPasswordPolicy |
SOC_2 | CSPM-AWS-2024-0077 | No Hardware MFA for Root Account | IAM | CredentialReport |
SOC_2 | CSPM-AWS-2024-0078 | No MFA for Root Account | IAM | CredentialReport |
SOC_2 | CSPM-AWS-2024-0079 | Root Account Used Recently | IAM | CredentialReport |
SOC_2 | CSPM-AWS-2024-0080 | Root Account Has Active X.509 Certs | IAM | CredentialReport |
SOC_2 | CSPM-AWS-2024-0085 | IAM User is Not in Category Group | IAM | Groups |
SOC_2 | CSPM-AWS-2024-0088 | User Holding Multiple API Keys | IAM | AccessKey |
SOC_2 | CSPM-AWS-2024-0089 | User with Enabled Keys and Password | IAM | AccessKey |
SOC_2 | CSPM-AWS-2024-0091 | User without MFA | IAM | Users |
SOC_2 | CSPM-AWS-2024-0092 | Rotation disabled for KMS Symmetric Customer Master Keys (CMKs) | KMS | Keys |
SOC_2 | CSPM-AWS-2024-0093 | No CloudWatch Alarm Monitoring for “AWS Configuration Changes” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0095 | No CloudWatch Alarm for “Disabled or Deleted Master Keys” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0096 | No CloudWatch Alarm for “Failed Console Authentications” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0097 | No CloudWatch Alarm for “IAM Policy Changes” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0098 | No CloudWatch Alarm for “Network Access Control Lists Changes” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0099 | No CloudWatch Alarm for “Network Gateways Changes” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0100 | No CloudWatch Alarm for “Root Account Usage” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0101 | No CloudWatch Alarm for “Route Table Changes” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0102 | No CloudWatch Alarm for “S3 Bucket Policy Changes” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0103 | No CloudWatch Alarm for “Console Logins without MFA” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0105 | No CloudWatch Alarm for “Unauthorized API Calls” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0106 | No CloudWatch Alarm for “VPC Changes” | CloudWatchLogs | MetricFilter |
SOC_2 | CSPM-AWS-2024-0127 | S3 Bucket has Disabled Default Encryption | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0128 | Logging of S3 bucket Access is Disabled | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0129 | S3 Bucket without Multi-Factor Authentication (MFA) Delete | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0130 | S3 Bucket has No Versioning | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0138 | SQS Queue Server with Disabled Encryption | SQS | Queue |
SOC_2 | CSPM-AWS-2024-0155 | Ensure that IAM Access analyzer is enabled for all regions | AccessAnalyzer | Analyzer |
SOC_2 | CSPM-AWS-2024-0164 | At the bucket level, the S3 Block Public Access setting needs to be enabled | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0165 | Enabling the S3 Block Public Access setting is necessary | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0167 | In every VPC, VPC flow logging must be enabled | EC2 | FlowLog |
SOC_2 | CSPM-AWS-2024-0169 | Verify that there are no active access keys associated with the root user account | IAM | AccountSummary |
SOC_2 | CSPM-AWS-2024-0171 | Security contact information should be provided for an AWS account | Account | ContactInformation |
SOC_2 | CSPM-AWS-2024-0172 | AWS account should be part of an AWS Organizations organization | Account | Organizations |
SOC_2 | CSPM-AWS-2024-0176 | API Gateway should be associated with a WAF Web ACL | APIGateway | Stages |
SOC_2 | CSPM-AWS-2024-0202 | AWS Config should be enabled | Config | ConfigurationRecorder |
SOC_2 | CSPM-AWS-2024-0224 | Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service | EC2 | Instances |
SOC_2 | CSPM-AWS-2024-0265 | Classic Load Balancer should span multiple Availability Zones | ELB | LoadBalancers |
SOC_2 | CSPM-AWS-2024-0284 | EventBridge custom event buses should have a resource-based policy attached | EventBridge | EventBus |
SOC_2 | CSPM-AWS-2024-0288 | GuardDuty should be enabled | GuardDuty | Account |
SOC_2 | CSPM-AWS-2024-0291 | IAM customer managed policies should not allow decryption actions on all KMS keys | KMS | Policy |
SOC_2 | CSPM-AWS-2024-0293 | AWS KMS keys should not be deleted unintentionally | KMS | Key |
SOC_2 | CSPM-AWS-2024-0294 | Lambda function policies should prohibit public access | Lambda | LambdaFunction |
SOC_2 | CSPM-AWS-2024-0296 | Lambda functions should be in a VPC | Lambda | LambdaFunction |
SOC_2 | CSPM-AWS-2024-0298 | Macie should be enabled | Macie | Session |
SOC_2 | CSPM-AWS-2024-0365 | ACLs should not be used to manage user access to S3 general purpose buckets | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0366 | S3 general purpose buckets should have Lifecycle configurations | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0367 | S3 general purpose buckets should have Object Lock enabled | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0368 | S3 general purpose buckets should be encrypted at rest with AWS KMS keys | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0376 | Secrets Manager secrets should have automatic rotation enabled | SecretsManager | Secret |
SOC_2 | CSPM-AWS-2024-0381 | SNS topics should be encrypted at-rest using AWS KMS | SNS | Topic |
SOC_2 | CSPM-AWS-2024-0407 | Detect Public ‘READ_ACP’ Access on S3 Buckets | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0409 | Detect Public ‘WRITE_ACP’ ACL Access on S3 Buckets | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0410 | Detect ‘READ’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0411 | Detect ‘READ_ACP’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0412 | Detect ‘WRITE’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0413 | Detect ‘WRITE_ACP’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0414 | Detect ‘FULL_CONTROL’ Access for Authenticated AWS Users on S3 Buckets | S3 | Buckets |
SOC_2 | CSPM-AWS-2024-0431 | Ensure Secure KMS Cross-Account Access | KMS | Key |
SOC_2 | CSPM-AWS-2024-0432 | Ensure Secure SQS Cross-Account Access | SQS | Queue |
SOC_2 | CSPM-AWS-2024-0445 | Enable Encryption at Rest for Lambda Environment Variables using Customer Master Keys | Lambda | Function |
SOC_2 | CSPM-AWS-2024-0456 | Secrets Not Encrypted with Customer Managed Keys | SecretsManager | Secret |
SOC_2 | CSPM-AWS-2024-0475 | Security Group Allowing Excessive RFC 1918 Private IP Ranges | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0476 | Unrestricted Security Group Egress Detected | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0477 | Unrestricted Telnet Access Detected | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0478 | Unrestricted RPC Access Detected | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0479 | Unrestricted NetBIOS Access Detected | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0480 | Unrestricted FTP Access Detected | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0481 | Unrestricted CIFS Access Detected | EC2 | SecurityGroup |
SOC_2 | CSPM-AWS-2024-0483 | Unrestricted HTTP Access Detected | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0484 | Unrestricted HTTPS Access Detected | EC2 | SecurityGroups |
SOC_2 | CSPM-AWS-2024-0501 | Ensure Existence of IAM Users | IAM | User |
SOC_2 | CSPM-AWS-2024-0505 | Detect Unused IAM Users | IAM | Users |
SOC_2 | CSPM-AWS-2024-0509 | Ensure KMS Customer Master Key (CMK) is Utilized for EBS Volume | EC2 | Volumes |
SOC_2 | CSPM-AWS-2024-0511 | SQS Queues Encrypted with KMS CMKs | SQS | Queue |
SOC_2 | CSPM-AWS-2024-0512 | CloudFormation Stack Notification Integration | CloudFormation | Stack |
SOC_2 | CSPM-AWS-2024-0513 | Ensure CloudFormation Stack Policies Prevent Accidental Updates | CloudFormation | Stack |
SOC_2 | CSPM-AWS-2024-0514 | Enable Termination Protection for CloudFormation Stacks | CloudFormation | Stack |
SOC_2 | CSPM-AWS-2024-0515 | AWS Config Global Resources Inclusion | ConfigService | ConfigurationRecorder |
SOC_2 | CSPM-AWS-2024-0517 | Ensure CloudFront is Enabled | CloudFront | Distributions |
SOC_2 | CSPM-AWS-2024-0522 | Ensure CloudWatch Events Are Enabled | Events | EventBridgeRules |
SOC_2 | CSPM-AWS-2024-0524 | EC2 Instance Provisioning Alert – Large Instances Detected | CloudWatch | Alarms |
SOC_2 | CSPM-AWS-2024-0525 | EC2 Instance Configuration and Status Change Detected | CloudWatch | Alarms |
SOC_2 | CSPM-AWS-2024-0526 | AWS Organizations Configuration Changes Detected – Monitor for Unauthorized Modifications | CloudWatch | Alarms |
SOC_2 | CSPM-AWS-2024-0531 | OpenSearch Cluster Nodes Limit | ElasticsearchService | ElasticSearchDomain |
SOC_2 | CSPM-AWS-2024-0542 | Amazon EMR Cluster Instance Limit | EMR | Cluster |
SOC_2 | CSPM-AWS-2024-0546 | Detect Lambda Functions with Admin Privileges | Lambda | Policy |
SOC_2 | CSPM-AWS-2024-0548 | Ensure AWS Organizations All Features is Enabled | Organization | Organization |
SOC_2 | CSPM-AWS-2024-0559 | Ensure SSM Parameters are Encrypted | SSM | Parameters |
SOC_2 | CSPM-AWS-2024-0566 | Ensure Secrets Manager is Utilized | SecretsManager | Secrets |
SOC_2 | CSPM-AWS-2024-0569 | AWS Well-Architected Tool Usage Verification | WellArchitected | Workloads |