Interpretation of the Columns in Benchmark Compliance Rules:
Rule ID: A unique identifier for the specific security rule or check
Title: A brief description of the security issue or misconfiguration
Severity — Low to High: Determines the risk of being exposed to attacks
Service Type: The AWS service affected or evaluated by the rule
Resource Type: The specific AWS resource being audited
| Rule ID | Title | Severity | Service Type | Resource Type |
|---|---|---|---|---|
| CSPM-AWS-2024-0023 | Unencrypted EBS Volume irrespective of its state | High | EC2 | Volumes |
| CSPM-AWS-2024-0068 | Passwords Expiration Threshold Is Not Configured Or Exceeds The Specified Limit | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0069 | The Minimum Password Length for IAM is Short. | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0071 | Password Policy Does Not Mandate Lowercase Characters | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0072 | Password Policy Does Not Mandate a Number | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0073 | Password Policy Does Not Mandate a Symbol | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0074 | Password Policy Does Not Mandate Uppercase Characters | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0075 | Password Policy Allows Reuse of Passwords | Medium | IAM | AccountPasswordPolicy |
| CSPM-AWS-2024-0088 | User Holding Multiple API Keys | Critical | IAM | AccessKey |
| CSPM-AWS-2024-0089 | User with Enabled Keys and Password | Critical | IAM | AccessKey |
| CSPM-AWS-2024-0091 | User without MFA | Critical | IAM | Users |
| CSPM-AWS-2024-0092 | Rotation disabled for KMS Symmetric Customer Master Keys (CMKs) | Critical | KMS | Keys |
| CSPM-AWS-2024-0167 | In every VPC, VPC flow logging is must to be enabled. | Critical | VPC | FlowLog |
| CSPM-AWS-2024-0176 | API Gateway should be associated with a WAF Web ACL | Medium | APIGateway | Stages |
| CSPM-AWS-2024-0265 | Classic Load Balancer should span multiple Availability Zones | Medium | ELB | LoadBalancers |
| CSPM-AWS-2024-0368 | S3 general purpose buckets should be encrypted at rest with AWS KMS keys | Medium | S3 | Buckets |
| CSPM-AWS-2024-0376 | Secrets Manager secrets should have automatic rotation enabled | Medium | SecretsManager | Secret |
| CSPM-AWS-2024-0445 | Enable Encryption at Rest for Lambda Environment Variables using Customer Master Keys | High | Lambda | Function |
| CSPM-AWS-2024-0501 | Ensure Existence of IAM Users | High | IAM | User |
| CSPM-AWS-2024-0514 | Enable Termination Protection for CloudFormation Stacks | High | CloudFormation | Stack |
| CSPM-AWS-2024-0515 | AWS Config Global Resources Inclusion | High | ConfigService | ConfigurationRecorder |
| CSPM-AWS-2024-0559 | Ensure SSM Parameters are Encrypted | Medium | SSM | Parameters |
| CSPM-AWS-2024-0296 | Lambda functions should be in a VPC | Low | Lambda | LambdaFunction |
| CSPM-AWS-2024-0284 | EventBridge custom event buses should have a resource-based policy attached | Low | EventBridge | EventBus |
| CSPM-AWS-2024-0566 | Ensure Secrets Manager is Utilized | Medium | SecretsManager | Secret |
| CSPM-AWS-2024-0381 | SNS topics should be encrypted at-rest using AWS KMS | Medium | SNS | Topic |
| CSPM-AWS-2024-0476 | Unrestricted Security Group Egress Detected | Medium | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-01 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-02 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-03 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-04 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-05 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-06 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-07 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-08 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-09 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0033-10 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0034 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0034-01 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0034-02 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0035 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0036 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0037 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0038 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0040 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0041 | Security Group allows unrestricted access through: \”MySQL\” Well-Known Port and \”Oracle DB\” Well-Known Port | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0032 | All ICMP Traffic Permitted by EC2 Security Group | High | EC2 | SecurityGroups |
| CSPM-AWS-2024-0478 | Unrestricted RPC Access Detected | Medium | EC2 | SecurityGroups |
| CSPM-AWS-2024-0029 | EC2 Security Group Allows Access to All Ports | Critical | EC2 | SecurityGroup |
| CSPM-AWS-2024-0477 | Unrestricted Telnet Access Detected | Medium | EC2 | SecurityGroup |
| CSPM-AWS-2024-0479 | Unrestricted NetBIOS Access Detected | Medium | EC2 | SecurityGroup |
| CSPM-AWS-2024-0480 | Unrestricted FTP Access Detected | Medium | EC2 | SecurityGroup |
| CSPM-AWS-2024-0481 | Unrestricted CIFS Access Detected | Medium | EC2 | SecurityGroup |
| CSPM-AWS-2024-0483 | Unrestricted HTTP Access Detected | Medium | EC2 | SecurityGroup |
| CSPM-AWS-2024-0484 | Unrestricted HTTPS Access Detected | Medium | EC2 | SecurityGroup |
| CSPM-AWS-2024-0178 | API Gateway routes should specify an authorization type | Medium | APIGateway | API Gateway Method |
| CSPM-AWS-2024-0311 | Neptune DB cluster snapshots should be encrypted at rest | Medium | Neptune | DBClusterSnapshot |
| CSPM-AWS-2024-0306 | Neptune DB clusters should be encrypted at rest | Medium | Neptune | DBClusterSnapshot |
| CSPM-AWS-2024-0176 | API Gateway should be associated with a WAF Web ACL | Medium | APIGateway | Stages |
| CSPA-AWS-2024-0055 | AWS Config should be enabled | Medium | Config | ConfigurationRecorder |
| CSPM-AWS-2024-0202 | AWS Config should be enabled | Medium | Config | ConfigurationRecorder |
| CSPM-AWS-2024-0093 | No CloudWatch Alarm Monitoring for \”AWS Configuration Changes\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0094 | “No CloudWatch Alarm Monitoring for \”CloudTrail Configuration Changes\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0095 | “No CloudWatch Alarm for \”Disabled or Deleted Master Keys\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0096 | “No CloudWatch Alarm for \”Failed Console Authentications\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0097 | “No CloudWatch Alarm for \”IAM Policy Changes\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0098 | No CloudWatch Alarm for \”Network Access Control Lists Changes\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0099 | No CloudWatch Alarm for \”Network Gateways Changes\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0100 | No CloudWatch Alarm for \”Root Account Usage\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0101 | No CloudWatch Alarm for \”Route Table Changes\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0102 | No CloudWatch Alarm for \”S3 Bucket Policy Changes\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0103 | No CloudWatch Alarm for \”Security Group Changes\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0104 | No CloudWatch Alarm for\”Console Logins without MFA\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0105 | No CloudWatch Alarm for \”Unauthorized API Calls\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0106 | No CloudWatch Alarm for \”VPC Changes\” | Medium | CloudWatchLogs | MetricFilter |
| CSPM-AWS-2024-0078 | No MFA for Root Account | Critical | IAM | CredentialReport |
| CSPM-AWS-2024-0077 | No Hardware MFA for Root Accounts | Critical | IAM | CredentialReport |
| CSPM-AWS-2024-0067 | No authorized user is allowed to handle issues with Amazon Support | Critical | IAM | Policies |
| CSPM-AWS-2024-0079 | Root account used recently | Critical | IAM | CredentialReport |
| CSPM-AWS-2024-0167 | In every VPC, VPC flow logging must be enabled | Critical | EC2 | FlowLog |
| CSPM-AWS-2024-0161 | User without MFA, Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | Critical | IAM | CredentialReport |
| CSPA-AWS-2024-0028 | User without MFA, Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | Critical | IAM | CredentialReport |
| CSPM-AWS-2024-0091 | User without MFA, Multi-factor authentication (MFA) not enabled for all IAM users that have a console password | Critical | IAM | CredentialReport |
| CSPM-AWS-2024-0523 | Security Group Configuration Changes Detected – Monitor for Unauthorized Modifications | Medium | CloudWatch | Alarms |
| CSPM-AWS-2024-0526 | AWS Organizations Configuration Changes Detected – Monitor for Unauthorized Modifications | Medium | CloudWatch | Alarms |
| CSPM-AWS-2024-0524 | EC2 Instance Provisioning Alert – Large Instances Detected | Medium | CloudWatch | Alarms |
