View Categories

Understand CIS 3.0.0 Rules in AWS

Print Friendly, PDF & Email

Interpretation of the Columns in Benchmark Compliance Rules:

Rule ID: A unique identifier for the specific security rule or check

Title: A brief description of the security issue or misconfiguration

Severity Low to High: Determines the risk of being exposed to attacks

Service Type: The AWS service affected or evaluated by the rule

Resource Type: The specific AWS resource being audited

Rule IDTitleSeverityService TypeResource Type
CSPM-AWS-2024-0012CloudTrail Log File Validation is DisabledLowCloudTrailTrails
CSPM-AWS-2024-0023Unencrypted EBS Volume irrespective of its stateMediumEC2Volumes
CSPM-AWS-2024-0069The Minimum Password Length for IAM is Short.MediumIAMAccountPasswordPolicy
CSPM-AWS-2024-0075Password Policy Allows Reuse of PasswordsLowIAMAccountPasswordPolicy
CSPM-AWS-2024-0084Inadequate Key Rotation for 90 DaysMediumIAMAccessKey
CSPM-AWS-2024-0088User Holding Multiple API KeysCriticalIAMAccessKey
CSPM-AWS-2024-0091User without MFAMediumIAMUsers
CSPM-AWS-2024-0092Rotation disabled for KMS Symmetric Customer Master Keys (CMKs)HighKMSKeys
CSPM-AWS-2024-0104No CloudWatch Alarm for”Console Logins without MFA”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0152Ensure that only IMDSv2 is permitted by EC2 Metadata Service.MediumEC2Instances
CSPM-AWS-2024-0160IAM instance roles are used for AWS resource access from instancesMediumEC2Instances
CSPM-AWS-2024-0161Multi-factor authentication (MFA) not enabled for all IAM users that have a console passwordHighIAMCredentialReport
CSPM-AWS-2024-0167In every VPC, VPC flow logging is must to be enabled.HighVPCFlowLog
CSPM-AWS-2024-0160Ensure AWS Security Hub is enabledMediumSecurityHubHub
CSPM-AZURE-2024-0093Ensure that Restrict non-admin users from creating tenants is set to “Yes”(Manual)CriticalMicrosoft Entra IDAuthorization Policies
CSPM-AWS-2024-0109Auto Minor Version Upgrade Disabled in the RDS InstanceMediumRDSDBInstances
CSPM-AWS-2024-0110The RDS Instance is publicly accessibleMediumRDSDBInstances
CSPM-AWS-2024-0157Make sure that every SSL/TLS certificate that has expired is deleted from AWS IAMMediumEC2Instance
CSPM-AWS-2024-0128S3 bucket access logging is not enabled on the CloudTrail S3 bucketLowCloudTrailTrails
CSPM-AWS-2024-0147S3 bucket access logging is not enabled on the CloudTrail S3 bucketLowCloudTrailTrails
CSPM-AWS-2024-0017AWS Config Recorders Not EnabledHighConfigServiceConfigurationRecorders
CSPM-AWS-2024-0020Non-empty Default Security Group RulesetsHighEC2SecurityGroups
CSPM-AWS-2024-0083IAM Credentials that have been inactive for 45 Days or more are not disabledMediumIAMCredentialReport
CSPM-AWS-2024-0009CloudTrail Data Events Logging Not ConfiguredLowCloudTrailTrails
CSPM-AWS-2024-0162Ensure AWS Organizations changes are monitored using CloudWatchLogsLowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0093No CloudWatch Alarm Monitoring for \”AWS Configuration Changes\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0094“No CloudWatch Alarm Monitoring for \”CloudTrail Configuration Changes\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0095“No CloudWatch Alarm for \”Disabled or Deleted Master Keys\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0096“No CloudWatch Alarm for \”Failed Console Authentications\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0097“No CloudWatch Alarm for \”IAM Policy Changes\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0098No CloudWatch Alarm for \”Network Access Control Lists Changes\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0099No CloudWatch Alarm for \”Network Gateways Changes\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0100No CloudWatch Alarm for \”Root Account Usage\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0101No CloudWatch Alarm for \”Route Table Changes\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0102No CloudWatch Alarm for \”S3 Bucket Policy Changes\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0103No CloudWatch Alarm for \”Security Group Changes\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0104No CloudWatch Alarm for\”Console Logins without MFA\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0105No CloudWatch Alarm for \”Unauthorized API Calls\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0106No CloudWatch Alarm for \”VPC Changes\”LowCloudWatchLogsMetricFilter
CSPM-AWS-2024-0078No MFA for Root AccountCriticalIAMCredentialReport
CSPM-AWS-2024-0077No Hardware MFA for Root AccountsCriticalIAMCredentialReport
CSPM-AWS-2024-0159IAM Managed policies should not allow full \”*\” administrative privilegesHighIAMPolicies
CSPM-AWS-2024-0067No Authorized User is allowed to handle issues with Amazon SupportHighIAMPolicies
CSPM-AWS-2024-0079Root account used recentlyCriticalIAMCredentialReport
CSPM-AWS-2024-0087Users whose access keys were created during setup but were never usedCriticalIAMCredentialReport
CSPM-AWS-2024-0160IAM instance roles are used for AWS resource access from instancesMediumEC2Instances
CSPM-AWS-2024-0148CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management eventsHighCloudTrailTrails
CSPM-AWS-2024-0010CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs)HighCloudTrailTrails
CSPM-AWS-2024-0149CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs)HighCloudTrailTrails
CSPM-AWS-2024-0164At the bucket level, the S3 Block Public Access setting needs to be enabledHighS3Buckets
CSPM-AWS-2024-0091User without MFA,
Multi-factor authentication (MFA) not enabled for all IAM users that have a console password		MediumIAMCredentialReport
CSPA-AWS-2024-0028Multi-factor authentication (MFA) not enabled for all IAM users that have a console passwordMediumIAMCredentialReport
CSPM-AWS-2024-0161Multi-factor authentication (MFA) not enabled for all IAM users that have a console passwordMediumIAMCredentialReport