Interpretation of the Columns in Benchmark Compliance Rules:

- Rule ID: A unique identifier for the specific security rule or check
- Title: A brief description of the security issue or misconfiguration
- Severity (Low to High): Indicates the risk of being exposed to attacks
- Service Type: The AWS service affected or evaluated by the rule
- Resource Type: The specific AWS resource being audited

Rule ID | Title | Severity | Service Type | Resource Type |
---|---|---|---|---|
CSPM-AWS-2024-0012 | CloudTrail Log File Validation is Disabled | Low | CloudTrail | Trails |
CSPM-AWS-2024-0023 | Unencrypted EBS Volume irrespective of its state | Medium | EC2 | Volumes |
CSPM-AWS-2024-0069 | The Minimum Password Length for IAM is Short | Medium | IAM | AccountPasswordPolicy |
CSPM-AWS-2024-0075 | Password Policy Allows Reuse of Passwords | Low | IAM | AccountPasswordPolicy |
CSPM-AWS-2024-0084 | Inadequate Key Rotation for 90 Days | Medium | IAM | AccessKey |
CSPM-AWS-2024-0088 | User Holding Multiple API Keys | Critical | IAM | AccessKey |
CSPM-AWS-2024-0091 | User without MFA | Medium | IAM | Users |
CSPM-AWS-2024-0092 | Rotation disabled for KMS Symmetric Customer Master Keys (CMKs) | High | KMS | Keys |
CSPM-AWS-2024-0104 | No CloudWatch Alarm for "Console Logins without MFA" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0152 | Ensure that only IMDSv2 is permitted by the EC2 Metadata Service | Medium | EC2 | Instances |
CSPM-AWS-2024-0160 | IAM instance roles are used for AWS resource access from instances | Medium | EC2 | Instances |
CSPM-AWS-2024-0161 | Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | High | IAM | CredentialReport |
CSPM-AWS-2024-0167 | VPC Flow Logging must be enabled in every VPC | High | VPC | FlowLog |
CSPM-AWS-2024-0160 | Ensure AWS Security Hub is enabled | Medium | SecurityHub | Hub |
CSPM-AZURE-2024-0093 | Ensure that "Restrict non-admin users from creating tenants" is set to "Yes" (Manual) | Critical | Microsoft Entra ID | Authorization Policies |
CSPM-AWS-2024-0109 | Auto Minor Version Upgrade Disabled in the RDS Instance | Medium | RDS | DBInstances |
CSPM-AWS-2024-0110 | The RDS Instance is publicly accessible | Medium | RDS | DBInstances |
CSPM-AWS-2024-0157 | Make sure that every SSL/TLS certificate that has expired is deleted from AWS IAM | Medium | EC2 | Instance |
CSPM-AWS-2024-0128 | S3 bucket access logging is not enabled on the CloudTrail S3 bucket | Low | CloudTrail | Trails |
CSPM-AWS-2024-0147 | S3 bucket access logging is not enabled on the CloudTrail S3 bucket | Low | CloudTrail | Trails |
CSPM-AWS-2024-0017 | AWS Config Recorders Not Enabled | High | ConfigService | ConfigurationRecorders |
CSPM-AWS-2024-0020 | Non-empty Default Security Group Rulesets | High | EC2 | SecurityGroups |
CSPM-AWS-2024-0083 | IAM Credentials that have been inactive for 45 Days or more are not disabled | Medium | IAM | CredentialReport |
CSPM-AWS-2024-0009 | CloudTrail Data Events Logging Not Configured | Low | CloudTrail | Trails |
CSPM-AWS-2024-0162 | Ensure AWS Organizations changes are monitored using CloudWatchLogs | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0093 | No CloudWatch Alarm Monitoring for "AWS Configuration Changes" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0094 | No CloudWatch Alarm Monitoring for "CloudTrail Configuration Changes" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0095 | No CloudWatch Alarm for "Disabled or Deleted Master Keys" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0096 | No CloudWatch Alarm for "Failed Console Authentications" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0097 | No CloudWatch Alarm for "IAM Policy Changes" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0098 | No CloudWatch Alarm for "Network Access Control Lists Changes" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0099 | No CloudWatch Alarm for "Network Gateways Changes" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0100 | No CloudWatch Alarm for "Root Account Usage" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0101 | No CloudWatch Alarm for "Route Table Changes" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0102 | No CloudWatch Alarm for "S3 Bucket Policy Changes" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0103 | No CloudWatch Alarm for "Security Group Changes" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0105 | No CloudWatch Alarm for "Unauthorized API Calls" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0106 | No CloudWatch Alarm for "VPC Changes" | Low | CloudWatchLogs | MetricFilter |
CSPM-AWS-2024-0078 | No MFA for Root Account | Critical | IAM | CredentialReport |
CSPM-AWS-2024-0077 | No Hardware MFA for Root Accounts | Critical | IAM | CredentialReport |
CSPM-AWS-2024-0159 | IAM Managed policies should not allow full "*" administrative privileges | High | IAM | Policies |
CSPM-AWS-2024-0067 | No Authorized User is allowed to handle issues with Amazon Support | High | IAM | Policies |
CSPM-AWS-2024-0079 | Root account used recently | Critical | IAM | CredentialReport |
CSPM-AWS-2024-0087 | Users whose access keys were created during setup but were never used | Critical | IAM | CredentialReport |
CSPM-AWS-2024-0148 | CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events | High | CloudTrail | Trails |
CSPM-AWS-2024-0010 | CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs) | High | CloudTrail | Trails |
CSPM-AWS-2024-0149 | CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs) | High | CloudTrail | Trails |
CSPM-AWS-2024-0164 | At the bucket level, the S3 Block Public Access setting needs to be enabled | High | S3 | Buckets |
CSPM-AWS-2024-0091 | User without MFA: Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | Medium | IAM | CredentialReport |
CSPA-AWS-2024-0028 | Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | Medium | IAM | CredentialReport |
CSPM-AWS-2024-0161 | Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | Medium | IAM | CredentialReport |