From 0f4946860177e7da3bb69d8e446c257e8b5db5e0 Mon Sep 17 00:00:00 2001
From: Marc Jay <marc.jay@taskize.com>
Date: Tue, 14 Apr 2020 02:02:48 +0100
Subject: [PATCH] Limit CHECK_ID to a single value, handing the left-pad
 formatting in one place

Remove the second entry in any comma-separated check IDs from each check, formatting
the check ID with leading zeros in `include/outputs` if the `-n` flag is active
---
 checks/check11       | 2 +-
 checks/check12       | 2 +-
 checks/check13       | 2 +-
 checks/check14       | 2 +-
 checks/check15       | 2 +-
 checks/check16       | 2 +-
 checks/check17       | 2 +-
 checks/check18       | 2 +-
 checks/check19       | 2 +-
 checks/check21       | 2 +-
 checks/check22       | 2 +-
 checks/check23       | 2 +-
 checks/check24       | 2 +-
 checks/check25       | 2 +-
 checks/check26       | 2 +-
 checks/check27       | 2 +-
 checks/check28       | 2 +-
 checks/check29       | 2 +-
 checks/check31       | 2 +-
 checks/check32       | 2 +-
 checks/check33       | 2 +-
 checks/check34       | 2 +-
 checks/check35       | 2 +-
 checks/check36       | 2 +-
 checks/check37       | 2 +-
 checks/check38       | 2 +-
 checks/check39       | 2 +-
 checks/check41       | 2 +-
 checks/check42       | 2 +-
 checks/check43       | 2 +-
 checks/check44       | 2 +-
 checks/check_extra71 | 2 +-
 checks/check_extra72 | 2 +-
 checks/check_extra73 | 2 +-
 checks/check_extra74 | 2 +-
 checks/check_extra75 | 2 +-
 checks/check_extra76 | 2 +-
 checks/check_extra77 | 2 +-
 checks/check_extra78 | 2 +-
 checks/check_extra79 | 2 +-
 include/outputs      | 5 ++---
 41 files changed, 42 insertions(+), 43 deletions(-)

diff --git a/checks/check11 b/checks/check11
index 09bdcab1..59e982ef 100644
--- a/checks/check11
+++ b/checks/check11
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check11="1.1,1.01"
+CHECK_ID_check11="1.1"
 CHECK_TITLE_check11="[check11] Avoid the use of the root account (Scored)"
 CHECK_SCORED_check11="SCORED"
 CHECK_TYPE_check11="LEVEL1"
diff --git a/checks/check12 b/checks/check12
index 15bc50f1..800b64ce 100644
--- a/checks/check12
+++ b/checks/check12
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check12="1.2,1.02"
+CHECK_ID_check12="1.2"
 CHECK_TITLE_check12="[check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
 CHECK_SCORED_check12="SCORED"
 CHECK_TYPE_check12="LEVEL1"
diff --git a/checks/check13 b/checks/check13
index 9e0a4616..9f8f5a4c 100644
--- a/checks/check13
+++ b/checks/check13
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check13="1.3,1.03"
+CHECK_ID_check13="1.3"
 CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled (Scored)"
 CHECK_SCORED_check13="SCORED"
 CHECK_TYPE_check13="LEVEL1"
diff --git a/checks/check14 b/checks/check14
index 86925def..21e2be49 100644
--- a/checks/check14
+++ b/checks/check14
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check14="1.4,1.04"
+CHECK_ID_check14="1.4"
 CHECK_TITLE_check14="[check14] Ensure access keys are rotated every 90 days or less (Scored)"
 CHECK_SCORED_check14="SCORED"
 CHECK_TYPE_check14="LEVEL1"
diff --git a/checks/check15 b/checks/check15
index 0aa9c732..bfc31270 100644
--- a/checks/check15
+++ b/checks/check15
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check15="1.5,1.05"
+CHECK_ID_check15="1.5"
 CHECK_TITLE_check15="[check15] Ensure IAM password policy requires at least one uppercase letter (Scored)"
 CHECK_SCORED_check15="SCORED"
 CHECK_TYPE_check15="LEVEL1"
diff --git a/checks/check16 b/checks/check16
index 9ee4965b..881b9a83 100644
--- a/checks/check16
+++ b/checks/check16
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check16="1.6,1.06"
+CHECK_ID_check16="1.6"
 CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter (Scored)"
 CHECK_SCORED_check16="SCORED"
 CHECK_TYPE_check16="LEVEL1"
diff --git a/checks/check17 b/checks/check17
index fc56ffe7..ad8faecd 100644
--- a/checks/check17
+++ b/checks/check17
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check17="1.7,1.07"
+CHECK_ID_check17="1.7"
 CHECK_TITLE_check17="[check17] Ensure IAM password policy require at least one symbol (Scored)"
 CHECK_SCORED_check17="SCORED"
 CHECK_TYPE_check17="LEVEL1"
diff --git a/checks/check18 b/checks/check18
index 732b87bd..bec51868 100644
--- a/checks/check18
+++ b/checks/check18
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check18="1.8,1.08"
+CHECK_ID_check18="1.8"
 CHECK_TITLE_check18="[check18] Ensure IAM password policy require at least one number (Scored)"
 CHECK_SCORED_check18="SCORED"
 CHECK_TYPE_check18="LEVEL1"
diff --git a/checks/check19 b/checks/check19
index 60aad8ed..28199d77 100644
--- a/checks/check19
+++ b/checks/check19
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check19="1.9,1.09"
+CHECK_ID_check19="1.9"
 CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
 CHECK_SCORED_check19="SCORED"
 CHECK_TYPE_check19="LEVEL1"
diff --git a/checks/check21 b/checks/check21
index d1a23103..1af4509a 100644
--- a/checks/check21
+++ b/checks/check21
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check21="2.1,2.01"
+CHECK_ID_check21="2.1"
 CHECK_TITLE_check21="[check21] Ensure CloudTrail is enabled in all regions (Scored)"
 CHECK_SCORED_check21="SCORED"
 CHECK_TYPE_check21="LEVEL1"
diff --git a/checks/check22 b/checks/check22
index 1646a94f..d302f128 100644
--- a/checks/check22
+++ b/checks/check22
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check22="2.2,2.02"
+CHECK_ID_check22="2.2"
 CHECK_TITLE_check22="[check22] Ensure CloudTrail log file validation is enabled (Scored)"
 CHECK_SCORED_check22="SCORED"
 CHECK_TYPE_check22="LEVEL2"
diff --git a/checks/check23 b/checks/check23
index 0149c5ce..9614fe68 100644
--- a/checks/check23
+++ b/checks/check23
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check23="2.3,2.03"
+CHECK_ID_check23="2.3"
 CHECK_TITLE_check23="[check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
 CHECK_SCORED_check23="SCORED"
 CHECK_TYPE_check23="LEVEL1"
diff --git a/checks/check24 b/checks/check24
index 581878bc..1fb3c133 100644
--- a/checks/check24
+++ b/checks/check24
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check24="2.4,2.04"
+CHECK_ID_check24="2.4"
 CHECK_TITLE_check24="[check24] Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
 CHECK_SCORED_check24="SCORED"
 CHECK_TYPE_check24="LEVEL1"
diff --git a/checks/check25 b/checks/check25
index 6bb12698..456223fa 100644
--- a/checks/check25
+++ b/checks/check25
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check25="2.5,2.05"
+CHECK_ID_check25="2.5"
 CHECK_TITLE_check25="[check25] Ensure AWS Config is enabled in all regions (Scored)"
 CHECK_SCORED_check25="SCORED"
 CHECK_TYPE_check25="LEVEL1"
diff --git a/checks/check26 b/checks/check26
index 270c367a..da563445 100644
--- a/checks/check26
+++ b/checks/check26
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check26="2.6,2.06"
+CHECK_ID_check26="2.6"
 CHECK_TITLE_check26="[check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
 CHECK_SCORED_check26="SCORED"
 CHECK_TYPE_check26="LEVEL1"
diff --git a/checks/check27 b/checks/check27
index 56fd7392..6f5d81a3 100644
--- a/checks/check27
+++ b/checks/check27
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check27="2.7,2.07"
+CHECK_ID_check27="2.7"
 CHECK_TITLE_check27="[check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"
 CHECK_SCORED_check27="SCORED"
 CHECK_TYPE_check27="LEVEL2"
diff --git a/checks/check28 b/checks/check28
index adfbca41..23c797da 100644
--- a/checks/check28
+++ b/checks/check28
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check28="2.8,2.08"
+CHECK_ID_check28="2.8"
 CHECK_TITLE_check28="[check28] Ensure rotation for customer created CMKs is enabled (Scored)"
 CHECK_SCORED_check28="SCORED"
 CHECK_TYPE_check28="LEVEL2"
diff --git a/checks/check29 b/checks/check29
index c49efb2d..01681bb8 100644
--- a/checks/check29
+++ b/checks/check29
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check29="2.9,2.09"
+CHECK_ID_check29="2.9"
 CHECK_TITLE_check29="[check29] Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
 CHECK_SCORED_check29="SCORED"
 CHECK_TYPE_check29="LEVEL2"
diff --git a/checks/check31 b/checks/check31
index 21768a15..2ea65085 100644
--- a/checks/check31
+++ b/checks/check31
@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check31="3.1,3.01"
+CHECK_ID_check31="3.1"
 CHECK_TITLE_check31="[check31] Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"
 CHECK_SCORED_check31="SCORED"
 CHECK_TYPE_check31="LEVEL1"
diff --git a/checks/check32 b/checks/check32
index 745d38d5..d6000238 100644
--- a/checks/check32
+++ b/checks/check32
@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check32="3.2,3.02"
+CHECK_ID_check32="3.2"
 CHECK_TITLE_check32="[check32] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)"
 CHECK_SCORED_check32="SCORED"
 CHECK_TYPE_check32="LEVEL1"
diff --git a/checks/check33 b/checks/check33
index dd2b94db..837d5fb5 100644
--- a/checks/check33
+++ b/checks/check33
@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check33="3.3,3.03"
+CHECK_ID_check33="3.3"
 CHECK_TITLE_check33="[check33] Ensure a log metric filter and alarm exist for usage of root account (Scored)"
 CHECK_SCORED_check33="SCORED"
 CHECK_TYPE_check33="LEVEL1"
diff --git a/checks/check34 b/checks/check34
index 86a55b25..7d2a6e26 100644
--- a/checks/check34
+++ b/checks/check34
@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check34="3.4,3.04"
+CHECK_ID_check34="3.4"
 CHECK_TITLE_check34="[check34] Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"
 CHECK_SCORED_check34="SCORED"
 CHECK_TYPE_check34="LEVEL1"
diff --git a/checks/check35 b/checks/check35
index 929be5b8..9fd5e0f5 100644
--- a/checks/check35
+++ b/checks/check35
@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check35="3.5,3.05"
+CHECK_ID_check35="3.5"
 CHECK_TITLE_check35="[check35] Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"
 CHECK_SCORED_check35="SCORED"
 CHECK_TYPE_check35="LEVEL1"
diff --git a/checks/check36 b/checks/check36
index 06e0d557..334ae475 100644
--- a/checks/check36
+++ b/checks/check36
@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check36="3.6,3.06"
+CHECK_ID_check36="3.6"
 CHECK_TITLE_check36="[check36] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"
 CHECK_SCORED_check36="SCORED"
 CHECK_TYPE_check36="LEVEL2"
diff --git a/checks/check37 b/checks/check37
index 4c6dd4d3..548535d0 100644
--- a/checks/check37
+++ b/checks/check37
@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check37="3.7,3.07"
+CHECK_ID_check37="3.7"
 CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"
 CHECK_SCORED_check37="SCORED"
 CHECK_TYPE_check37="LEVEL2"
diff --git a/checks/check38 b/checks/check38
index c112620c..829cd122 100644
--- a/checks/check38
+++ b/checks/check38
@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check38="3.8,3.08"
+CHECK_ID_check38="3.8"
 CHECK_TITLE_check38="[check38] Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"
 CHECK_SCORED_check38="SCORED"
 CHECK_TYPE_check38="LEVEL1"
diff --git a/checks/check39 b/checks/check39
index a649f157..6ca13baa 100644
--- a/checks/check39
+++ b/checks/check39
@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check39="3.9,3.09"
+CHECK_ID_check39="3.9"
 CHECK_TITLE_check39="[check39] Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"
 CHECK_SCORED_check39="SCORED"
 CHECK_TYPE_check39="LEVEL2"
diff --git a/checks/check41 b/checks/check41
index 00260ebb..da704739 100644
--- a/checks/check41
+++ b/checks/check41
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check41="4.1,4.01"
+CHECK_ID_check41="4.1"
 CHECK_TITLE_check41="[check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)"
 CHECK_SCORED_check41="SCORED"
 CHECK_TYPE_check41="LEVEL2"
diff --git a/checks/check42 b/checks/check42
index a362b0cb..69e19891 100644
--- a/checks/check42
+++ b/checks/check42
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check42="4.2,4.02"
+CHECK_ID_check42="4.2"
 CHECK_TITLE_check42="[check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)"
 CHECK_SCORED_check42="SCORED"
 CHECK_TYPE_check42="LEVEL2"
diff --git a/checks/check43 b/checks/check43
index 6c0122ff..35cf44c5 100644
--- a/checks/check43
+++ b/checks/check43
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check43="4.3,4.03"
+CHECK_ID_check43="4.3"
 CHECK_TITLE_check43="[check43] Ensure the default security group of every VPC restricts all traffic (Scored)"
 CHECK_SCORED_check43="SCORED"
 CHECK_TYPE_check43="LEVEL2"
diff --git a/checks/check44 b/checks/check44
index 55ceb977..e7f620f8 100644
--- a/checks/check44
+++ b/checks/check44
@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check44="4.4,4.04"
+CHECK_ID_check44="4.4"
 CHECK_TITLE_check44="[check44] Ensure routing tables for VPC peering are \"least access\" (Not Scored)"
 CHECK_SCORED_check44="NOT_SCORED"
 CHECK_TYPE_check44="LEVEL2"
diff --git a/checks/check_extra71 b/checks/check_extra71
index 368ad9d4..197eec97 100644
--- a/checks/check_extra71
+++ b/checks/check_extra71
@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra71="7.1,7.01"
+CHECK_ID_extra71="7.1"
 CHECK_TITLE_extra71="[extra71] Ensure users of groups with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra71="NOT_SCORED"
 CHECK_TYPE_extra71="EXTRA"
diff --git a/checks/check_extra72 b/checks/check_extra72
index 52bcd93d..b9471f9b 100644
--- a/checks/check_extra72
+++ b/checks/check_extra72
@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra72="7.2,7.02"
+CHECK_ID_extra72="7.2"
 CHECK_TITLE_extra72="[extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra72="NOT_SCORED"
 CHECK_TYPE_extra72="EXTRA"
diff --git a/checks/check_extra73 b/checks/check_extra73
index 86b07197..281b9f90 100644
--- a/checks/check_extra73
+++ b/checks/check_extra73
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 
-CHECK_ID_extra73="7.3,7.03"
+CHECK_ID_extra73="7.3"
 CHECK_TITLE_extra73="[extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra73="NOT_SCORED"
 CHECK_TYPE_extra73="EXTRA"
diff --git a/checks/check_extra74 b/checks/check_extra74
index f700f1c4..c6d0aa04 100644
--- a/checks/check_extra74
+++ b/checks/check_extra74
@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra74="7.4,7.04"
+CHECK_ID_extra74="7.4"
 CHECK_TITLE_extra74="[extra74] Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra74="NOT_SCORED"
 CHECK_TYPE_extra74="EXTRA"
diff --git a/checks/check_extra75 b/checks/check_extra75
index a93d01e2..91a34df3 100644
--- a/checks/check_extra75
+++ b/checks/check_extra75
@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra75="7.5,7.05"
+CHECK_ID_extra75="7.5"
 CHECK_TITLE_extra75="[extra75] Ensure there are no Security Groups not being used (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra75="NOT_SCORED"
 CHECK_TYPE_extra75="EXTRA"
diff --git a/checks/check_extra76 b/checks/check_extra76
index 2a65705f..e524ea7d 100644
--- a/checks/check_extra76
+++ b/checks/check_extra76
@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra76="7.6,7.06"
+CHECK_ID_extra76="7.6"
 CHECK_TITLE_extra76="[extra76] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra76="NOT_SCORED"
 CHECK_TYPE_extra76="EXTRA"
diff --git a/checks/check_extra77 b/checks/check_extra77
index cfd1078a..ad3011c6 100644
--- a/checks/check_extra77
+++ b/checks/check_extra77
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 
-CHECK_ID_extra77="7.7,7.07"
+CHECK_ID_extra77="7.7"
 CHECK_TITLE_extra77="[extra77] Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra77="NOT_SCORED"
 CHECK_TYPE_extra77="EXTRA"
diff --git a/checks/check_extra78 b/checks/check_extra78
index ee652259..d1c0c8ab 100644
--- a/checks/check_extra78
+++ b/checks/check_extra78
@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra78="7.8,7.08"
+CHECK_ID_extra78="7.8"
 CHECK_TITLE_extra78="[extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra78="NOT_SCORED"
 CHECK_TYPE_extra78="EXTRA"
diff --git a/checks/check_extra79 b/checks/check_extra79
index d46a63a7..01c7b41e 100644
--- a/checks/check_extra79
+++ b/checks/check_extra79
@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra79="7.9,7.09"
+CHECK_ID_extra79="7.9"
 CHECK_TITLE_extra79="[extra79] Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra79="NOT_SCORED"
 CHECK_TYPE_extra79="EXTRA"
diff --git a/include/outputs b/include/outputs
index 40d67a7c..46c4d8a6 100644
--- a/include/outputs
+++ b/include/outputs
@@ -90,9 +90,8 @@ textTitle(){
   CHECKS_COUNTER=$((CHECKS_COUNTER+1))
   TITLE_ID=$1
   if [[ $NUMERAL ]]; then
-    TITLE_ID=$(echo $TITLE_ID | cut -d, -f2)
-  else
-    TITLE_ID=$(echo $TITLE_ID | cut -d, -f1)
+    # Left-pad the check ID with zeros to simplify sorting, e.g. 1.1 -> 1.01
+    TITLE_ID=$(awk -F'.' '{ printf "%d.%02d", $1, $2 }' <<< "$TITLE_ID")
   fi
 
   TITLE_TEXT=$2