Interpretation of the Columns in Benchmark Compliance Rules:
Rule ID: A unique identifier for the specific security rule or check
Title: A brief description of the security issue or misconfiguration
Severity — Low to High: Determines the risk of being exposed to attacks
Service Type: The AWS service affected or evaluated by the rule
Resource Type: The specific AWS resource being audited
| Rule ID | Title | Severity | Service Type | Resource Type |
|---|---|---|---|---|
| CSPM-AWS-2024-0023 | Unencrypted EBS Volume irrespective of its state | High | EC2 | Volumes |
| CSPM-AWS-2024-0068 | Passwords Expiration Threshold Is Not Configured Or Exceeds The Specified Limit | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0069 | The Minimum Password Length for IAM is Short. | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0071 | Password Policy Does Not Mandate Lowercase Characters | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0072 | Password Policy Does Not Mandate a Number | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0073 | Password Policy Does Not Mandate a Symbol | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0074 | Password Policy Does Not Mandate Uppercase Characters | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0075 | Password Policy Allows Reuse of Passwords | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0088 | User Holding Multiple API Keys | Critical | IAM | AccessKey |
| CSPM-AWS-2024-0089 | User with Enabled Keys and Password | Critical | IAM | AccessKey |
| CSPM-AWS-2024-0091 | User without MFA | Critical | IAM | Users |
| CSPM-AWS-2024-0092 | Rotation disabled for KMS Symmetric Customer Master Keys (CMKs) | Critical | KMS | Keys |
| CSPM-AWS-2024-0167 | In every VPC, VPC flow logging is must to be enabled. | Critical | VPC | FlowLog |
| CSPM-AWS-2024-0176 | API Gateway should be associated with a WAF Web ACL | Medium | APIGateway | Stages |
| CSPM-AWS-2024-0265 | Classic Load Balancer should span multiple Availability Zones | Medium | ELB | LoadBalancers |
| CSPM-AWS-2024-0368 | S3 general purpose buckets should be encrypted at rest with AWS KMS keys | Medium | S3 | Buckets |
| CSPM-AWS-2024-0376 | Secrets Manager secrets should have automatic rotation enabled | Medium | SecretsManager | Secret |
| CSPM-AWS-2024-0445 | Enable Encryption at Rest for Lambda Environment Variables using Customer Master Keys | High | Lambda | Function |
| CSPM-AWS-2024-0501 | Ensure Existence of IAM Users | High | IAM | User |
| CSPM-AWS-2024-0514 | Enable Termination Protection for CloudFormation Stacks | High | CloudFormation | Stack |
| CSPM-AWS-2024-0515 | AWS Config Global Resources Inclusion | High | ConfigService | ConfigurationRecorder |
| CSPM-AWS-2024-0559 | Ensure SSM Parameters are Encrypted | Medium | SSM | Parameters |
