Interpretation of the Columns in Benchmark Compliance Rules:
Rule ID: A unique identifier for the specific security rule or check
Title: A brief description of the security issue or misconfiguration
Severity: Low, Medium, High or Critical. Indicates how much exposure to attack the misconfiguration creates
Service Type: The AWS service affected or evaluated by the rule
Resource Type: The specific AWS resource being audited
| Rule ID | Title | Severity | Service Type | Resource Type |
|---|---|---|---|---|
| CSPM-AWS-2024-0008 | Trail lacks integration with CloudWatch Logs | Low | CloudTrail | Trails |
| CSPM-AWS-2024-0012 | CloudTrail Log File Validation is Disabled | Low | CloudTrail | Trails |
| CSPM-AWS-2024-0022 | Publicly Accessible EBS Snapshot | Critical | EC2 | Snapshots |
| CSPM-AWS-2024-0092 | Rotation disabled for KMS Symmetric Customer Master Keys (CMKs) | Medium | KMS | Keys |
| CSPM-AWS-2024-0119 | Redshift cluster is publicly accessible | Critical | Redshift | Cluster |
| CSPM-AWS-2024-0225 | Unused EC2 EIPs should be removed | Low | EC2 | Addresses |
| CSPM-AWS-2024-0322 | OpenSearch domains should have encryption at rest enabled | Medium | OpenSearch | Domain |
| CSPM-AWS-2024-0372 | Amazon SageMaker notebook instances should not have direct internet access | High | SageMaker | NotebookInstances |
| CSPM-AWS-2024-0296 | Lambda functions should be in a VPC | Low | Lambda | LambdaFunction |
| CSPM-AWS-2024-0116 | Publicly Accessible RDS DB Snapshot | Critical | RDS | DBSnapshot |
| CSPM-AWS-2024-0204 | Database Migration Service replication instances should not be public | Critical | DMS | ReplicationInstances |
| CSPM-AWS-2024-0017 | AWS Config Recorders Not Enabled | High | ConfigService | ConfigurationRecorders |
| CSPM-AWS-2024-0020 | Non-empty Default Security Group Rulesets | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0083 | IAM credentials that have been inactive for 45 days or more are not disabled | Medium | IAM | CredentialReport |
| CSPM-AWS-2024-0078 | No MFA for Root Account | Critical | IAM | CredentialReport |
| CSPM-AWS-2024-0077 | No Hardware MFA for Root Accounts | Critical | IAM | CredentialReport |
| CSPM-AWS-2024-0159 | IAM managed policies should not allow full "*" administrative privileges | High | IAM | Policies |
| CSPM-AWS-2024-0090 | User with inline policies | Critical | IAM | Policies |
| CSPM-AWS-2024-0167 | In every VPC, VPC flow logging must be enabled | Medium | EC2 | FlowLog |
| CSPM-AWS-2024-0010 | CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs) | Medium | CloudTrail | Trails |
| CSPM-AWS-2024-0149 | CloudTrail Logs are not encrypted using KMS Customer Master Keys (CMKs) | Medium | CloudTrail | Trails |
| CSPM-AWS-2024-0164 | S3 Block Public Access should be enabled at the bucket level | Medium | S3 | Buckets |
| CSPM-AWS-2024-0161 | User without MFA: multi-factor authentication (MFA) not enabled for all IAM users that have a console password | Medium | IAM | CredentialReport |
| CSPM-AWS-2024-0091 | User without MFA: multi-factor authentication (MFA) not enabled for all IAM users that have a console password | Medium | IAM | CredentialReport |
| CSPM-AWS-2024-0028 | User without MFA: multi-factor authentication (MFA) not enabled for all IAM users that have a console password | Medium | IAM | CredentialReport |
| CSPM-AWS-2024-0397 | At least one CloudTrail trail should be enabled | High | CloudTrail | Trails |
| CSPM-AWS-2024-0288 | GuardDuty should be enabled | High | GuardDuty | Account |
| CSPM-AWS-2024-0701 | GuardDuty detector should be enabled | High | GuardDuty | Account |
| CSPM-AWS-2024-0169 | Verify that there are no active access keys associated with the root user account | Critical | IAM | Account Summary |
| CSPM-AWS-2024-0264 | Application Load Balancer should be configured to redirect all HTTP requests to HTTPS | Medium | ElasticLoadBalancingv2 | ApplicationLoadBalancer |
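Several rows above (CSPM-AWS-2024-0078, -0169, -0161 and -0083) have Resource Type `CredentialReport`, meaning they are answered from a single artifact: the IAM credential report returned by `aws iam get-credential-report`. The script below is an added example, not the benchmark's own tooling, showing how those four checks fall out of that one CSV. The report content is constructed to mimic the real column layout (account ID `111122223333`, user names and timestamps are made up), the evaluation time `NOW` is fixed so the result is reproducible, and the 45-day threshold is taken from the rule title. The rule IDs are used only as labels for the findings.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

INACTIVE_DAYS = 45  # threshold named in rule CSPM-AWS-2024-0083
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "current time" for the sample run

# Constructed credential report in the column layout of `aws iam get-credential-report`.
# The real report is base64 in the API response; decode it before feeding it in.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,2024-04-30T09:00:00+00:00,us-east-1,sts,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2022-03-10T00:00:00+00:00,true,2024-05-20T08:00:00+00:00,2024-01-05T00:00:00+00:00,N/A,true,true,2024-01-05T00:00:00+00:00,2024-05-21T12:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2021-06-01T00:00:00+00:00,true,2024-01-15T08:00:00+00:00,2023-12-01T00:00:00+00:00,N/A,false,true,2023-12-01T00:00:00+00:00,2024-02-01T12:00:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2023-02-01T00:00:00+00:00,false,N/A,N/A,N/A,false,true,2023-02-01T00:00:00+00:00,2024-05-22T03:00:00+00:00,us-west-2,ecr,true,2023-02-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
"""


def _parse_ts(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def _stale(last_used, created, now):
    """Inactive if the last use (or, for a never-used credential, its creation/rotation
    date) is INACTIVE_DAYS or more in the past. A never-used key is still a live credential."""
    reference = last_used or created
    return reference is not None and now - reference >= timedelta(days=INACTIVE_DAYS)


def evaluate_credential_report(report_csv, now):
    """Return (rule_id, user, detail) findings for the credential-report based rules."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        keys = [
            (n,
             row[f"access_key_{n}_active"] == "true",
             _parse_ts(row[f"access_key_{n}_last_used_date"]),
             _parse_ts(row[f"access_key_{n}_last_rotated"]))
            for n in (1, 2)
        ]
        if user == "<root_account>":
            # Root is reported with password_enabled=not_supported; only MFA and keys apply.
            if not mfa:
                findings.append(("CSPM-AWS-2024-0078", user, "root account has no MFA"))
            for n, active, _, _ in keys:
                if active:
                    findings.append(("CSPM-AWS-2024-0169", user, f"root access key {n} is active"))
            continue
        password_enabled = row["password_enabled"] == "true"
        if password_enabled and not mfa:
            findings.append(("CSPM-AWS-2024-0161", user, "console password without MFA"))
        if password_enabled and _stale(_parse_ts(row["password_last_used"]),
                                       _parse_ts(row["user_creation_time"]), now):
            findings.append(("CSPM-AWS-2024-0083", user, "console password unused for 45+ days"))
        for n, active, last_used, rotated in keys:
            if active and _stale(last_used, rotated, now):
                findings.append(("CSPM-AWS-2024-0083", user, f"access key {n} unused for 45+ days"))
    return findings


def audit_sample():
    """Run the checks over the constructed report at the fixed evaluation time."""
    return evaluate_credential_report(SAMPLE_REPORT, NOW)


if __name__ == "__main__":
    for rule_id, user, detail in audit_sample():
        print(f"{rule_id}  {user:<16} {detail}")
```

Two details matter when porting this to a live account: the report is only regenerated when you call `generate-credential-report`, so check its `GeneratedTime` before trusting it, and a key whose `last_used_date` is `N/A` is judged by its rotation date rather than skipped, which is what catches the never-used second key on `ci-deploy` above.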
