diff --git a/checks/check11 b/checks/check11
index 6162db56..f5d6a742 100644
--- a/checks/check11
+++ b/checks/check11
@@ -14,7 +14,7 @@ CHECK_ID_check11="1.1"
 CHECK_TITLE_check11="[check11] Avoid the use of the root account"
 CHECK_SCORED_check11="SCORED"
-CHECK_TYPE_check11="LEVEL1"
+CHECK_CIS_LEVEL_check11="LEVEL1"
 CHECK_SEVERITY_check11="High"
 CHECK_ASFF_TYPE_check11="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check101="check11"
diff --git a/checks/check110 b/checks/check110
index 2e60a65e..7054ea8d 100644
--- a/checks/check110
+++ b/checks/check110
@@ -14,7 +14,7 @@ CHECK_ID_check110="1.10"
 CHECK_TITLE_check110="[check110] Ensure IAM password policy prevents password reuse: 24 or greater"
 CHECK_SCORED_check110="SCORED"
-CHECK_TYPE_check110="LEVEL1"
+CHECK_CIS_LEVEL_check110="LEVEL1"
 CHECK_SEVERITY_check110="Medium"
 CHECK_ASFF_TYPE_check110="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check110="check110"
diff --git a/checks/check111 b/checks/check111
index 1a696f0b..9fbb90a4 100644
--- a/checks/check111
+++ b/checks/check111
@@ -14,7 +14,7 @@ CHECK_ID_check111="1.11"
 CHECK_TITLE_check111="[check111] Ensure IAM password policy expires passwords within 90 days or less"
 CHECK_SCORED_check111="SCORED"
-CHECK_TYPE_check111="LEVEL1"
+CHECK_CIS_LEVEL_check111="LEVEL1"
 CHECK_SEVERITY_check111="Medium"
 CHECK_ASFF_TYPE_check111="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check111="check111"
diff --git a/checks/check112 b/checks/check112
index f2f6c422..16635494 100644
--- a/checks/check112
+++ b/checks/check112
@@ -14,7 +14,7 @@ CHECK_ID_check112="1.12"
 CHECK_TITLE_check112="[check112] Ensure no root account access key exists"
 CHECK_SCORED_check112="SCORED"
-CHECK_TYPE_check112="LEVEL1"
+CHECK_CIS_LEVEL_check112="LEVEL1"
 CHECK_SEVERITY_check112="Critical"
 CHECK_ASFF_TYPE_check112="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check112="check112"
diff --git a/checks/check113 b/checks/check113
index 657c9b0a..b98a4f51 100644
--- a/checks/check113
+++ b/checks/check113
@@ -14,7 +14,7 @@ CHECK_ID_check113="1.13"
 CHECK_TITLE_check113="[check113] Ensure MFA is enabled for the root account"
 CHECK_SCORED_check113="SCORED"
-CHECK_TYPE_check113="LEVEL1"
+CHECK_CIS_LEVEL_check113="LEVEL1"
 CHECK_SEVERITY_check113="Critical"
 CHECK_ASFF_TYPE_check113="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check113="check113"
diff --git a/checks/check114 b/checks/check114
index 7872583f..aaa9dc0b 100644
--- a/checks/check114
+++ b/checks/check114
@@ -14,7 +14,7 @@ CHECK_ID_check114="1.14"
 CHECK_TITLE_check114="[check114] Ensure hardware MFA is enabled for the root account"
 CHECK_SCORED_check114="SCORED"
-CHECK_TYPE_check114="LEVEL2"
+CHECK_CIS_LEVEL_check114="LEVEL2"
 CHECK_SEVERITY_check114="Critical"
 CHECK_ASFF_TYPE_check114="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check114="check114"
diff --git a/checks/check115 b/checks/check115
index 356ba6d7..d7c7603a 100644
--- a/checks/check115
+++ b/checks/check115
@@ -14,7 +14,7 @@ CHECK_ID_check115="1.15"
 CHECK_TITLE_check115="[check115] Ensure security questions are registered in the AWS account"
 CHECK_SCORED_check115="NOT_SCORED"
-CHECK_TYPE_check115="LEVEL1"
+CHECK_CIS_LEVEL_check115="LEVEL1"
 CHECK_SEVERITY_check115="Medium"
 CHECK_ASFF_TYPE_check115="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check115="check115"
diff --git a/checks/check116 b/checks/check116
index 18a0cbc3..0cc78432 100644
--- a/checks/check116
+++ b/checks/check116
@@ -14,7 +14,7 @@ CHECK_ID_check116="1.16"
 CHECK_TITLE_check116="[check116] Ensure IAM policies are attached only to groups or roles"
 CHECK_SCORED_check116="SCORED"
-CHECK_TYPE_check116="LEVEL1"
+CHECK_CIS_LEVEL_check116="LEVEL1"
 CHECK_SEVERITY_check116="Low"
 CHECK_ASFF_TYPE_check116="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check116="AwsIamUser"
diff --git a/checks/check117 b/checks/check117
index e9854cd0..96658c5b 100644
--- a/checks/check117
+++ b/checks/check117
@@ -14,7 +14,7 @@ CHECK_ID_check117="1.17"
 CHECK_TITLE_check117="[check117] Maintain current contact details"
 CHECK_SCORED_check117="NOT_SCORED"
-CHECK_TYPE_check117="LEVEL1"
+CHECK_CIS_LEVEL_check117="LEVEL1"
 CHECK_SEVERITY_check117="Medium"
 CHECK_ASFF_TYPE_check117="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check117="check117"
diff --git a/checks/check118 b/checks/check118
index 736bb594..f2e31c9d 100644
--- a/checks/check118
+++ b/checks/check118
@@ -14,7 +14,7 @@ CHECK_ID_check118="1.18"
 CHECK_TITLE_check118="[check118] Ensure security contact information is registered"
 CHECK_SCORED_check118="NOT_SCORED"
-CHECK_TYPE_check118="LEVEL1"
+CHECK_CIS_LEVEL_check118="LEVEL1"
 CHECK_SEVERITY_check118="Medium"
 CHECK_ASFF_TYPE_check118="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check118="check118"
diff --git a/checks/check119 b/checks/check119
index e9d148dc..c1ebe209 100644
--- a/checks/check119
+++ b/checks/check119
@@ -14,7 +14,7 @@ CHECK_ID_check119="1.19"
 CHECK_TITLE_check119="[check119] Ensure IAM instance roles are used for AWS resource access from instances"
 CHECK_SCORED_check119="NOT_SCORED"
-CHECK_TYPE_check119="LEVEL2"
+CHECK_CIS_LEVEL_check119="LEVEL2"
 CHECK_SEVERITY_check119="Medium"
 CHECK_ASFF_TYPE_check119="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check119="AwsEc2Instance"
diff --git a/checks/check12 b/checks/check12
index deca5af2..f2b5d920 100644
--- a/checks/check12
+++ b/checks/check12
@@ -14,7 +14,7 @@ CHECK_ID_check12="1.2"
 CHECK_TITLE_check12="[check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password"
 CHECK_SCORED_check12="SCORED"
-CHECK_TYPE_check12="LEVEL1"
+CHECK_CIS_LEVEL_check12="LEVEL1"
 CHECK_SEVERITY_check12="High"
 CHECK_ASFF_TYPE_check12="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check12="AwsIamUser"
diff --git a/checks/check120 b/checks/check120
index 993177bf..3223345a 100644
--- a/checks/check120
+++ b/checks/check120
@@ -14,7 +14,7 @@ CHECK_ID_check120="1.20"
 CHECK_TITLE_check120="[check120] Ensure a support role has been created to manage incidents with AWS Support"
 CHECK_SCORED_check120="SCORED"
-CHECK_TYPE_check120="LEVEL1"
+CHECK_CIS_LEVEL_check120="LEVEL1"
 CHECK_SEVERITY_check120="Medium"
 CHECK_ASFF_TYPE_check120="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check120="AwsIamRole"
diff --git a/checks/check121 b/checks/check121
index 64dd729c..140fb1a3 100644
--- a/checks/check121
+++ b/checks/check121
@@ -14,7 +14,7 @@ CHECK_ID_check121="1.21"
 CHECK_TITLE_check121="[check121] Do not setup access keys during initial user setup for all IAM users that have a console password"
 CHECK_SCORED_check121="NOT_SCORED"
-CHECK_TYPE_check121="LEVEL1"
+CHECK_CIS_LEVEL_check121="LEVEL1"
 CHECK_SEVERITY_check121="Medium"
 CHECK_ASFF_TYPE_check121="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check121="AwsIamUser"
diff --git a/checks/check122 b/checks/check122
index 70423199..81ea3e61 100644
--- a/checks/check122
+++ b/checks/check122
@@ -14,7 +14,7 @@ CHECK_ID_check122="1.22"
 CHECK_TITLE_check122="[check122] Ensure IAM policies that allow full \"*:*\" administrative privileges are not created"
 CHECK_SCORED_check122="SCORED"
-CHECK_TYPE_check122="LEVEL1"
+CHECK_CIS_LEVEL_check122="LEVEL1"
 CHECK_SEVERITY_check122="Medium"
 CHECK_ASFF_TYPE_check122="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check122="AwsIamPolicy"
diff --git a/checks/check13 b/checks/check13
index 81b2c52b..050ff84b 100644
--- a/checks/check13
+++ b/checks/check13
@@ -14,7 +14,7 @@ CHECK_ID_check13="1.3"
 CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled"
 CHECK_SCORED_check13="SCORED"
-CHECK_TYPE_check13="LEVEL1"
+CHECK_CIS_LEVEL_check13="LEVEL1"
 CHECK_SEVERITY_check13="Medium"
 CHECK_ASFF_TYPE_check13="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check13="AwsIamUser"
diff --git a/checks/check14 b/checks/check14
index 0d9d1cc7..fd669860 100644
--- a/checks/check14
+++ b/checks/check14
@@ -14,7 +14,7 @@ CHECK_ID_check14="1.4"
 CHECK_TITLE_check14="[check14] Ensure access keys are rotated every 90 days or less"
 CHECK_SCORED_check14="SCORED"
-CHECK_TYPE_check14="LEVEL1"
+CHECK_CIS_LEVEL_check14="LEVEL1"
 CHECK_SEVERITY_check14="Medium"
 CHECK_ASFF_TYPE_check14="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check14="AwsIamUser"
diff --git a/checks/check15 b/checks/check15
index 079245d0..a5d0d749 100644
--- a/checks/check15
+++ b/checks/check15
@@ -14,7 +14,7 @@ CHECK_ID_check15="1.5"
 CHECK_TITLE_check15="[check15] Ensure IAM password policy requires at least one uppercase letter"
 CHECK_SCORED_check15="SCORED"
-CHECK_TYPE_check15="LEVEL1"
+CHECK_CIS_LEVEL_check15="LEVEL1"
 CHECK_SEVERITY_check15="Medium"
 CHECK_ASFF_TYPE_check15="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check105="check15"
diff --git a/checks/check16 b/checks/check16
index 719811d9..4ba1c855 100644
--- a/checks/check16
+++ b/checks/check16
@@ -14,7 +14,7 @@ CHECK_ID_check16="1.6"
 CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter"
 CHECK_SCORED_check16="SCORED"
-CHECK_TYPE_check16="LEVEL1"
+CHECK_CIS_LEVEL_check16="LEVEL1"
 CHECK_SEVERITY_check16="Medium"
 CHECK_ASFF_TYPE_check16="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check106="check16"
diff --git a/checks/check17 b/checks/check17
index 72fdd247..92a97039 100644
--- a/checks/check17
+++ b/checks/check17
@@ -14,7 +14,7 @@ CHECK_ID_check17="1.7"
 CHECK_TITLE_check17="[check17] Ensure IAM password policy require at least one symbol"
 CHECK_SCORED_check17="SCORED"
-CHECK_TYPE_check17="LEVEL1"
+CHECK_CIS_LEVEL_check17="LEVEL1"
 CHECK_SEVERITY_check17="Medium"
 CHECK_ASFF_TYPE_check17="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check107="check17"
diff --git a/checks/check18 b/checks/check18
index c13e101b..a4e27d24 100644
--- a/checks/check18
+++ b/checks/check18
@@ -14,7 +14,7 @@ CHECK_ID_check18="1.8"
 CHECK_TITLE_check18="[check18] Ensure IAM password policy require at least one number"
 CHECK_SCORED_check18="SCORED"
-CHECK_TYPE_check18="LEVEL1"
+CHECK_CIS_LEVEL_check18="LEVEL1"
 CHECK_SEVERITY_check18="Medium"
 CHECK_ASFF_TYPE_check18="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check108="check18"
diff --git a/checks/check19 b/checks/check19
index e8b92818..49656b59 100644
--- a/checks/check19
+++ b/checks/check19
@@ -14,7 +14,7 @@ CHECK_ID_check19="1.9"
 CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater"
 CHECK_SCORED_check19="SCORED"
-CHECK_TYPE_check19="LEVEL1"
+CHECK_CIS_LEVEL_check19="LEVEL1"
 CHECK_SEVERITY_check19="Medium"
 CHECK_ASFF_TYPE_check19="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check109="check19"
diff --git a/checks/check21 b/checks/check21
index 54a8b364..d963acbb 100644
--- a/checks/check21
+++ b/checks/check21
@@ -14,7 +14,7 @@ CHECK_ID_check21="2.1"
 CHECK_TITLE_check21="[check21] Ensure CloudTrail is enabled in all regions"
 CHECK_SCORED_check21="SCORED"
-CHECK_TYPE_check21="LEVEL1"
+CHECK_LEVEL_check21="LEVEL1"
 CHECK_SEVERITY_check21="High"
 CHECK_ASFF_TYPE_check21="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check21="AwsCloudTrailTrail"
diff --git a/checks/check22 b/checks/check22
index 3ae3e775..cca1a8da 100644
--- a/checks/check22
+++ b/checks/check22
@@ -14,7 +14,7 @@ CHECK_ID_check22="2.2"
 CHECK_TITLE_check22="[check22] Ensure CloudTrail log file validation is enabled"
 CHECK_SCORED_check22="SCORED"
-CHECK_TYPE_check22="LEVEL2"
+CHECK_CIS_LEVEL_check22="LEVEL2"
 CHECK_SEVERITY_check22="Medium"
 CHECK_ASFF_TYPE_check22="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check22="AwsCloudTrailTrail"
diff --git a/checks/check23 b/checks/check23
index 8e4fbf4c..48b9bf44 100644
--- a/checks/check23
+++ b/checks/check23
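Review bot: The added line in the check21 hunk, `+CHECK_LEVEL_check21="LEVEL1"`, does not follow the `CHECK_CIS_LEVEL_<id>` name that every other hunk in this commit introduces, so check21 ends up with a differently named level variable than check22 and the rest. If the runner resolves the level by indirect expansion on `CHECK_CIS_LEVEL_${check}` (the consumer is not part of this diff), check21 would resolve to an empty value and could silently fall out of level-filtered runs, which is a bad outcome for a CloudTrail coverage check. The line should read `CHECK_CIS_LEVEL_check21="LEVEL1"`. A `grep -rn 'CHECK_LEVEL_' checks/` before merging would confirm no other file carries the same slip.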
@@ -14,7 +14,7 @@ CHECK_ID_check23="2.3"
 CHECK_TITLE_check23="[check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible"
 CHECK_SCORED_check23="SCORED"
-CHECK_TYPE_check23="LEVEL1"
+CHECK_CIS_LEVEL_check23="LEVEL1"
 CHECK_SEVERITY_check23="Critical"
 CHECK_ASFF_TYPE_check23="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check23="AwsS3Bucket"
diff --git a/checks/check24 b/checks/check24
index 57691f3b..68cabd67 100644
--- a/checks/check24
+++ b/checks/check24
@@ -14,7 +14,7 @@ CHECK_ID_check24="2.4"
 CHECK_TITLE_check24="[check24] Ensure CloudTrail trails are integrated with CloudWatch Logs"
 CHECK_SCORED_check24="SCORED"
-CHECK_TYPE_check24="LEVEL1"
+CHECK_CIS_LEVEL_check24="LEVEL1"
 CHECK_SEVERITY_check24="Low"
 CHECK_ASFF_TYPE_check24="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check24="AwsCloudTrailTrail"
diff --git a/checks/check25 b/checks/check25
index c853cde5..752235fc 100644
--- a/checks/check25
+++ b/checks/check25
@@ -14,7 +14,7 @@ CHECK_ID_check25="2.5"
 CHECK_TITLE_check25="[check25] Ensure AWS Config is enabled in all regions"
 CHECK_SCORED_check25="SCORED"
-CHECK_TYPE_check25="LEVEL1"
+CHECK_CIS_LEVEL_check25="LEVEL1"
 CHECK_SEVERITY_check25="Medium"
 CHECK_ASFF_TYPE_check25="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check205="check25"
diff --git a/checks/check26 b/checks/check26
index a6663a22..166fbea5 100644
--- a/checks/check26
+++ b/checks/check26
@@ -14,7 +14,7 @@ CHECK_ID_check26="2.6"
 CHECK_TITLE_check26="[check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket"
 CHECK_SCORED_check26="SCORED"
-CHECK_TYPE_check26="LEVEL1"
+CHECK_CIS_LEVEL_check26="LEVEL1"
 CHECK_SEVERITY_check26="Medium"
 CHECK_ASFF_TYPE_check26="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check26="AwsS3Bucket"
diff --git a/checks/check27 b/checks/check27
index fa6a432d..c5304c74 100644
--- a/checks/check27
+++ b/checks/check27
@@ -14,7 +14,7 @@ CHECK_ID_check27="2.7"
 CHECK_TITLE_check27="[check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs"
 CHECK_SCORED_check27="SCORED"
-CHECK_TYPE_check27="LEVEL2"
+CHECK_CIS_LEVEL_check27="LEVEL2"
 CHECK_SEVERITY_check27="Medium"
 CHECK_ASFF_TYPE_check27="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check27="AwsCloudTrailTrail"
diff --git a/checks/check28 b/checks/check28
index aef746b1..1008a36d 100644
--- a/checks/check28
+++ b/checks/check28
@@ -14,7 +14,7 @@ CHECK_ID_check28="2.8"
 CHECK_TITLE_check28="[check28] Ensure rotation for customer created KMS CMKs is enabled"
 CHECK_SCORED_check28="SCORED"
-CHECK_TYPE_check28="LEVEL2"
+CHECK_CIS_LEVEL_check28="LEVEL2"
 CHECK_SEVERITY_check28="Medium"
 CHECK_ASFF_TYPE_check28="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check28="AwsKmsKey"
diff --git a/checks/check29 b/checks/check29
index 316c7275..dc9f37b4 100644
--- a/checks/check29
+++ b/checks/check29
@@ -14,7 +14,7 @@ CHECK_ID_check29="2.9"
 CHECK_TITLE_check29="[check29] Ensure VPC Flow Logging is Enabled in all VPCs"
 CHECK_SCORED_check29="SCORED"
-CHECK_TYPE_check29="LEVEL2"
+CHECK_CIS_LEVEL_check29="LEVEL2"
 CHECK_SEVERITY_check29="Medium"
 CHECK_ASFF_TYPE_check29="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check29="AwsEc2Vpc"
diff --git a/checks/check31 b/checks/check31
index 4411c6fa..b568027d 100644
--- a/checks/check31
+++ b/checks/check31
@@ -39,7 +39,7 @@ CHECK_ID_check31="3.1"
 CHECK_TITLE_check31="[check31] Ensure a log metric filter and alarm exist for unauthorized API calls"
 CHECK_SCORED_check31="SCORED"
-CHECK_TYPE_check31="LEVEL1"
+CHECK_CIS_LEVEL_check31="LEVEL1"
 CHECK_SEVERITY_check31="Medium"
 CHECK_ASFF_TYPE_check31="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check31="AwsCloudTrailTrail"
diff --git a/checks/check310 b/checks/check310
index 0a2d53d9..0b303701 100644
--- a/checks/check310
+++ b/checks/check310
@@ -39,7 +39,7 @@ CHECK_ID_check310="3.10"
 CHECK_TITLE_check310="[check310] Ensure a log metric filter and alarm exist for security group changes"
 CHECK_SCORED_check310="SCORED"
-CHECK_TYPE_check310="LEVEL2"
+CHECK_CIS_LEVEL_check310="LEVEL2"
 CHECK_SEVERITY_check310="Medium"
 CHECK_ASFF_TYPE_check310="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check310="AwsCloudTrailTrail"
diff --git a/checks/check311 b/checks/check311
index fb66edb6..21f0c612 100644
--- a/checks/check311
+++ b/checks/check311
@@ -39,7 +39,7 @@ CHECK_ID_check311="3.11"
 CHECK_TITLE_check311="[check311] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)"
 CHECK_SCORED_check311="SCORED"
-CHECK_TYPE_check311="LEVEL2"
+CHECK_CIS_LEVEL_check311="LEVEL2"
 CHECK_SEVERITY_check311="Medium"
 CHECK_ASFF_TYPE_check311="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check311="AwsCloudTrailTrail"
diff --git a/checks/check312 b/checks/check312
index 1de26238..4391b8eb 100644
--- a/checks/check312
+++ b/checks/check312
@@ -39,7 +39,7 @@ CHECK_ID_check312="3.12"
 CHECK_TITLE_check312="[check312] Ensure a log metric filter and alarm exist for changes to network gateways"
 CHECK_SCORED_check312="SCORED"
-CHECK_TYPE_check312="LEVEL1"
+CHECK_CIS_LEVEL_check312="LEVEL1"
 CHECK_SEVERITY_check312="Medium"
 CHECK_ASFF_TYPE_check312="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check312="AwsCloudTrailTrail"
diff --git a/checks/check313 b/checks/check313
index 2ce23a51..abf64ad8 100644
--- a/checks/check313
+++ b/checks/check313
@@ -39,7 +39,7 @@ CHECK_ID_check313="3.13"
 CHECK_TITLE_check313="[check313] Ensure a log metric filter and alarm exist for route table changes"
 CHECK_SCORED_check313="SCORED"
-CHECK_TYPE_check313="LEVEL1"
+CHECK_CIS_LEVEL_check313="LEVEL1"
 CHECK_SEVERITY_check313="Medium"
 CHECK_ASFF_TYPE_check313="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check313="AwsCloudTrailTrail"
diff --git a/checks/check314 b/checks/check314
index a0d728bb..b7bdf533 100644
--- a/checks/check314
+++ b/checks/check314
@@ -39,7 +39,7 @@ CHECK_ID_check314="3.14"
 CHECK_TITLE_check314="[check314] Ensure a log metric filter and alarm exist for VPC changes"
 CHECK_SCORED_check314="SCORED"
-CHECK_TYPE_check314="LEVEL1"
+CHECK_CIS_LEVEL_check314="LEVEL1"
 CHECK_SEVERITY_check314="Medium"
 CHECK_ASFF_TYPE_check314="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check314="AwsCloudTrailTrail"
diff --git a/checks/check32 b/checks/check32
index b932b13a..9cc24aaa 100644
--- a/checks/check32
+++ b/checks/check32
@@ -39,7 +39,7 @@ CHECK_ID_check32="3.2"
 CHECK_TITLE_check32="[check32] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA"
 CHECK_SCORED_check32="SCORED"
-CHECK_TYPE_check32="LEVEL1"
+CHECK_CIS_LEVEL_check32="LEVEL1"
 CHECK_SEVERITY_check32="Medium"
 CHECK_ASFF_TYPE_check32="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check32="AwsCloudTrailTrail"
diff --git a/checks/check33 b/checks/check33
index 1cd54328..26b94710 100644
--- a/checks/check33
+++ b/checks/check33
@@ -39,7 +39,7 @@ CHECK_ID_check33="3.3"
 CHECK_TITLE_check33="[check33] Ensure a log metric filter and alarm exist for usage of root account"
 CHECK_SCORED_check33="SCORED"
-CHECK_TYPE_check33="LEVEL1"
+CHECK_CIS_LEVEL_check33="LEVEL1"
 CHECK_SEVERITY_check33="Medium"
 CHECK_ASFF_TYPE_check33="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check33="AwsCloudTrailTrail"
diff --git a/checks/check34 b/checks/check34
index 250044e0..beb53bf1 100644
--- a/checks/check34
+++ b/checks/check34
@@ -39,7 +39,7 @@ CHECK_ID_check34="3.4"
 CHECK_TITLE_check34="[check34] Ensure a log metric filter and alarm exist for IAM policy changes"
 CHECK_SCORED_check34="SCORED"
-CHECK_TYPE_check34="LEVEL1"
+CHECK_CIS_LEVEL_check34="LEVEL1"
 CHECK_SEVERITY_check34="Medium"
 CHECK_ASFF_TYPE_check34="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check34="AwsCloudTrailTrail"
diff --git a/checks/check35 b/checks/check35
index bae1f254..089bd5ab 100644
--- a/checks/check35
+++ b/checks/check35
@@ -39,7 +39,7 @@ CHECK_ID_check35="3.5"
 CHECK_TITLE_check35="[check35] Ensure a log metric filter and alarm exist for CloudTrail configuration changes"
 CHECK_SCORED_check35="SCORED"
-CHECK_TYPE_check35="LEVEL1"
+CHECK_CIS_LEVEL_check35="LEVEL1"
 CHECK_SEVERITY_check35="Medium"
 CHECK_ASFF_TYPE_check35="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check35="AwsCloudTrailTrail"
diff --git a/checks/check36 b/checks/check36
index fc9e4c39..631ed607 100644
--- a/checks/check36
+++ b/checks/check36
@@ -39,7 +39,7 @@ CHECK_ID_check36="3.6"
 CHECK_TITLE_check36="[check36] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures"
 CHECK_SCORED_check36="SCORED"
-CHECK_TYPE_check36="LEVEL2"
+CHECK_CIS_LEVEL_check36="LEVEL2"
 CHECK_SEVERITY_check36="Medium"
 CHECK_ASFF_TYPE_check36="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check36="AwsCloudTrailTrail"
diff --git a/checks/check37 b/checks/check37
index 03f593ea..d7e8668b 100644
--- a/checks/check37
+++ b/checks/check37
@@ -39,7 +39,7 @@ CHECK_ID_check37="3.7"
 CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs"
 CHECK_SCORED_check37="SCORED"
-CHECK_TYPE_check37="LEVEL2"
+CHECK_CIS_LEVEL_check37="LEVEL2"
 CHECK_SEVERITY_check37="Medium"
 CHECK_ASFF_TYPE_check37="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check37="AwsCloudTrailTrail"
diff --git a/checks/check38 b/checks/check38
index 9d81443c..ce34e64d 100644
--- a/checks/check38
+++ b/checks/check38
@@ -39,7 +39,7 @@ CHECK_ID_check38="3.8"
 CHECK_TITLE_check38="[check38] Ensure a log metric filter and alarm exist for S3 bucket policy changes"
 CHECK_SCORED_check38="SCORED"
-CHECK_TYPE_check38="LEVEL1"
+CHECK_CIS_LEVEL_check38="LEVEL1"
 CHECK_SEVERITY_check38="Medium"
 CHECK_ASFF_TYPE_check38="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check38="AwsCloudTrailTrail"
diff --git a/checks/check39 b/checks/check39
index aabbd359..15be0316 100644
--- a/checks/check39
+++ b/checks/check39
@@ -39,7 +39,7 @@ CHECK_ID_check39="3.9"
 CHECK_TITLE_check39="[check39] Ensure a log metric filter and alarm exist for AWS Config configuration changes"
 CHECK_SCORED_check39="SCORED"
-CHECK_TYPE_check39="LEVEL2"
+CHECK_CIS_LEVEL_check39="LEVEL2"
 CHECK_SEVERITY_check39="Medium"
 CHECK_ASFF_TYPE_check39="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check39="AwsCloudTrailTrail"
diff --git a/checks/check41 b/checks/check41
index 02f0fbf5..f8af5e9b 100644
--- a/checks/check41
+++ b/checks/check41
@@ -14,7 +14,7 @@ CHECK_ID_check41="4.1"
 CHECK_TITLE_check41="[check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22"
 CHECK_SCORED_check41="SCORED"
-CHECK_TYPE_check41="LEVEL2"
+CHECK_CIS_LEVEL_check41="LEVEL2"
 CHECK_SEVERITY_check41="High"
 CHECK_ASFF_TYPE_check41="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check41="AwsEc2SecurityGroup"
diff --git a/checks/check42 b/checks/check42
index a2bf70fd..cf4b3cf2 100644
--- a/checks/check42
+++ b/checks/check42
@@ -14,7 +14,7 @@ CHECK_ID_check42="4.2"
 CHECK_TITLE_check42="[check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389"
 CHECK_SCORED_check42="SCORED"
-CHECK_TYPE_check42="LEVEL2"
+CHECK_CIS_LEVEL_check42="LEVEL2"
 CHECK_SEVERITY_check42="High"
 CHECK_ASFF_TYPE_check42="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check42="AwsEc2SecurityGroup"
diff --git a/checks/check43 b/checks/check43
index 205f4eb3..c3a57e12 100644
--- a/checks/check43
+++ b/checks/check43
@@ -14,7 +14,7 @@ CHECK_ID_check43="4.3"
 CHECK_TITLE_check43="[check43] Ensure the default security group of every VPC restricts all traffic"
 CHECK_SCORED_check43="SCORED"
-CHECK_TYPE_check43="LEVEL2"
+CHECK_CIS_LEVEL_check43="LEVEL2"
 CHECK_SEVERITY_check43="High"
 CHECK_ASFF_TYPE_check43="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check43="AwsEc2SecurityGroup"
diff --git a/checks/check44 b/checks/check44
index e5328c29..e6b8aee9 100644
--- a/checks/check44
+++ b/checks/check44
@@ -14,7 +14,7 @@ CHECK_ID_check44="4.4"
 CHECK_TITLE_check44="[check44] Ensure routing tables for VPC peering are \"least access\""
 CHECK_SCORED_check44="NOT_SCORED"
-CHECK_TYPE_check44="LEVEL2"
+CHECK_CIS_LEVEL_check44="LEVEL2"
 CHECK_SEVERITY_check44="Medium"
 CHECK_ASFF_TYPE_check44="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check44="AwsEc2Vpc"
diff --git a/checks/check45 b/checks/check45
index d68fc140..c9a461e9 100644
--- a/checks/check45
+++ b/checks/check45
@@ -14,7 +14,7 @@ CHECK_ID_check45="4.5"
 CHECK_TITLE_check45="[check45] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22"
 CHECK_SCORED_check45="SCORED"
-CHECK_TYPE_check45="LEVEL2"
+CHECK_CIS_LEVEL_check45="LEVEL2"
 CHECK_SEVERITY_check45="High"
 CHECK_ASFF_TYPE_check45="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check45="AwsEc2NetworkAcl"
diff --git a/checks/check46 b/checks/check46
index 02c2101b..72395991 100644
--- a/checks/check46
+++ b/checks/check46
@@ -14,7 +14,7 @@ CHECK_ID_check46="4.6"
 CHECK_TITLE_check46="[check46] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389"
 CHECK_SCORED_check46="SCORED"
-CHECK_TYPE_check46="LEVEL2"
+CHECK_CIS_LEVEL_check46="LEVEL2"
 CHECK_SEVERITY_check46="High"
 CHECK_ASFF_TYPE_check46="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check46="AwsEc2NetworkAcl"
diff --git a/checks/check_extra71 b/checks/check_extra71
index 4bf1706c..ca1ecb50 100644
--- a/checks/check_extra71
+++ b/checks/check_extra71
@@ -13,7 +13,7 @@ CHECK_ID_extra71="7.1"
 CHECK_TITLE_extra71="[extra71] Ensure users of groups with AdministratorAccess policy have MFA tokens enabled"
 CHECK_SCORED_extra71="NOT_SCORED"
-CHECK_TYPE_extra71="EXTRA"
+CHECK_CIS_LEVEL_extra71="EXTRA"
 CHECK_SEVERITY_extra71="High"
 CHECK_ASFF_RESOURCE_TYPE_extra71="AwsIamUser"
 CHECK_ALTERNATE_extra701="extra71"
diff --git a/checks/check_extra710 b/checks/check_extra710
index a1c10252..ffd3b035 100644
--- a/checks/check_extra710
+++ b/checks/check_extra710
@@ -13,7 +13,7 @@ CHECK_ID_extra710="7.10"
 CHECK_TITLE_extra710="[extra710] Check for internet facing EC2 Instances"
 CHECK_SCORED_extra710="NOT_SCORED"
-CHECK_TYPE_extra710="EXTRA"
+CHECK_CIS_LEVEL_extra710="EXTRA"
 CHECK_SEVERITY_extra710="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra710="AwsEc2Instance"
 CHECK_ALTERNATE_check710="extra710"
diff --git a/checks/check_extra7100 b/checks/check_extra7100
index 8e2a3807..cd5d8e01 100644
--- a/checks/check_extra7100
+++ b/checks/check_extra7100
@@ -17,7 +17,7 @@ CHECK_ID_extra7100="7.100"
 CHECK_TITLE_extra7100="[extra7100] Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *)"
 CHECK_SCORED_extra7100="NOT_SCORED"
-CHECK_TYPE_extra7100="EXTRA"
+CHECK_CIS_LEVEL_extra7100="EXTRA"
 CHECK_SEVERITY_extra7100="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra7100="AwsIamPolicy"
 CHECK_ALTERNATE_check7100="extra7100"
diff --git a/checks/check_extra7101 b/checks/check_extra7101
index e1ba8dbb..a4fd714c 100644
--- a/checks/check_extra7101
+++ b/checks/check_extra7101
@@ -14,7 +14,7 @@ CHECK_ID_extra7101="7.101"
 CHECK_TITLE_extra7101="[extra7101] Check if Amazon Elasticsearch Service (ES) domains have audit logging enabled"
 CHECK_SCORED_extra7101="NOT_SCORED"
-CHECK_TYPE_extra7101="EXTRA"
+CHECK_CIS_LEVEL_extra7101="EXTRA"
 CHECK_SEVERITY_extra7101="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra7101="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check7101="extra7101"
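Review bot: In the check_extra71 hunk the renamed variable `CHECK_CIS_LEVEL_extra71="EXTRA"` holds a value that is not a CIS benchmark level, so the new name now promises a LEVEL1/LEVEL2 classification that the extra checks cannot provide; the same applies to the extra710, extra7100 and extra7101 hunks here and to every check_extra* hunk that follows through check_extra7110. The old CHECK_TYPE name made the EXTRA sentinel self-explanatory, whereas a reader of the new name has to learn that one of its three values means "no level applies", and any level filter keyed on the variable will need to special-case it. If a single variable is the intended design, documenting the closed value set once where it is consumed, e.g. `# CHECK_CIS_LEVEL_*: LEVEL1 | LEVEL2 | EXTRA (not part of the CIS benchmark)`, would make the sentinel deliberate rather than accidental.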
diff --git a/checks/check_extra7102 b/checks/check_extra7102
index b9efcc29..f16c3908 100644
--- a/checks/check_extra7102
+++ b/checks/check_extra7102
@@ -13,7 +13,7 @@ CHECK_ID_extra7102="7.102"
 CHECK_TITLE_extra7102="[extra7102] Check if any of the Elastic or Public IP are in Shodan (requires Shodan API KEY)"
 CHECK_SCORED_extra7102="NOT_SCORED"
-CHECK_TYPE_extra7102="EXTRA"
+CHECK_CIS_LEVEL_extra7102="EXTRA"
 CHECK_SEVERITY_extra7102="High"
 CHECK_ASFF_RESOURCE_TYPE_extra7102="AwsEc2Eip"
 CHECK_ALTERNATE_check7102="extra7102"
diff --git a/checks/check_extra7103 b/checks/check_extra7103
index 558a1d94..12ace203 100644
--- a/checks/check_extra7103
+++ b/checks/check_extra7103
@@ -14,7 +14,7 @@ CHECK_ID_extra7103="7.103"
 CHECK_TITLE_extra7103="[extra7103] Check if Amazon SageMaker Notebook instances have root access disabled"
 CHECK_SCORED_extra7103="NOT_SCORED"
-CHECK_TYPE_extra7103="EXTRA"
+CHECK_CIS_LEVEL_extra7103="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7103="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7103="extra7103"
 CHECK_SEVERITY_extra7103="Medium"
diff --git a/checks/check_extra7104 b/checks/check_extra7104
index 00b9b065..7697ad50 100644
--- a/checks/check_extra7104
+++ b/checks/check_extra7104
@@ -14,7 +14,7 @@ CHECK_ID_extra7104="7.104"
 CHECK_TITLE_extra7104="[extra7104] Check if Amazon SageMaker Notebook instances have VPC settings configured"
 CHECK_SCORED_extra7104="NOT_SCORED"
-CHECK_TYPE_extra7104="EXTRA"
+CHECK_CIS_LEVEL_extra7104="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7104="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7104="extra7104"
 CHECK_SEVERITY_extra7104="Medium"
diff --git a/checks/check_extra7105 b/checks/check_extra7105
index 1316a431..1b2d2c89 100644
--- a/checks/check_extra7105
+++ b/checks/check_extra7105
@@ -14,7 +14,7 @@ CHECK_ID_extra7105="7.105"
 CHECK_TITLE_extra7105="[extra7105] Check if Amazon SageMaker Models have network isolation enabled"
 CHECK_SCORED_extra7105="NOT_SCORED"
-CHECK_TYPE_extra7105="EXTRA"
+CHECK_CIS_LEVEL_extra7105="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7105="AwsSageMakerModel"
 CHECK_ALTERNATE_check7105="extra7105"
 CHECK_SEVERITY_extra7105="Medium"
diff --git a/checks/check_extra7106 b/checks/check_extra7106
index e49b8a50..af09f269 100644
--- a/checks/check_extra7106
+++ b/checks/check_extra7106
@@ -14,7 +14,7 @@ CHECK_ID_extra7106="7.106"
 CHECK_TITLE_extra7106="[extra7106] Check if Amazon SageMaker Models have VPC settings configured"
 CHECK_SCORED_extra7106="NOT_SCORED"
-CHECK_TYPE_extra7106="EXTRA"
+CHECK_CIS_LEVEL_extra7106="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7106="AwsSageMakerModel"
 CHECK_ALTERNATE_check7106="extra7106"
 CHECK_SEVERITY_extra7106="Medium"
diff --git a/checks/check_extra7107 b/checks/check_extra7107
index 2f8c70a6..e5536e87 100644
--- a/checks/check_extra7107
+++ b/checks/check_extra7107
@@ -14,7 +14,7 @@ CHECK_ID_extra7107="7.107"
 CHECK_TITLE_extra7107="[extra7107] Check if Amazon SageMaker Training jobs have intercontainer encryption enabled"
 CHECK_SCORED_extra7107="NOT_SCORED"
-CHECK_TYPE_extra7107="EXTRA"
+CHECK_CIS_LEVEL_extra7107="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7107="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7107="extra7107"
 CHECK_SEVERITY_extra7107="Medium"
diff --git a/checks/check_extra7108 b/checks/check_extra7108
index f84f6997..2956afe8 100644
--- a/checks/check_extra7108
+++ b/checks/check_extra7108
@@ -14,7 +14,7 @@ CHECK_ID_extra7108="7.108"
 CHECK_TITLE_extra7108="[extra7108] Check if Amazon SageMaker Training jobs have volume and output with KMS encryption enabled"
 CHECK_SCORED_extra7108="NOT_SCORED"
-CHECK_TYPE_extra7108="EXTRA"
+CHECK_CIS_LEVEL_extra7108="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7108="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7108="extra7108"
 CHECK_SEVERITY_extra7108="Medium"
diff --git a/checks/check_extra7109 b/checks/check_extra7109
index 80778fd2..90d036e0 100644
--- a/checks/check_extra7109
+++ b/checks/check_extra7109
@@ -14,7 +14,7 @@ CHECK_ID_extra7109="7.109"
 CHECK_TITLE_extra7109="[extra7109] Check if Amazon SageMaker Training jobs have network isolation enabled"
 CHECK_SCORED_extra7109="NOT_SCORED"
-CHECK_TYPE_extra7109="EXTRA"
+CHECK_CIS_LEVEL_extra7109="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7109="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7109="extra7109"
 CHECK_SEVERITY_extra7109="Medium"
diff --git a/checks/check_extra711 b/checks/check_extra711
index 4a0b5d66..34e2947a 100644
--- a/checks/check_extra711
+++ b/checks/check_extra711
@@ -13,7 +13,7 @@ CHECK_ID_extra711="7.11"
 CHECK_TITLE_extra711="[extra711] Check for Publicly Accessible Redshift Clusters"
 CHECK_SCORED_extra711="NOT_SCORED"
-CHECK_TYPE_extra711="EXTRA"
+CHECK_CIS_LEVEL_extra711="EXTRA"
 CHECK_SEVERITY_extra711="High"
 CHECK_ASFF_RESOURCE_TYPE_extra711="AwsRedshiftCluster"
 CHECK_ALTERNATE_check711="extra711"
diff --git a/checks/check_extra7110 b/checks/check_extra7110
index 5a6ebefc..448e2308 100644
--- a/checks/check_extra7110
+++ b/checks/check_extra7110
@@ -14,7 +14,7 @@ CHECK_ID_extra7110="7.110"
 CHECK_TITLE_extra7110="[extra7110] Check if Amazon SageMaker Training job have VPC settings configured."
 CHECK_SCORED_extra7110="NOT_SCORED"
-CHECK_TYPE_extra7110="EXTRA"
+CHECK_CIS_LEVEL_extra7110="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7110="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7110="extra7110"
 CHECK_SEVERITY_extra7110="Medium"
diff --git a/checks/check_extra7111 b/checks/check_extra7111
index 965c6048..a6669a09 100644
--- a/checks/check_extra7111
+++ b/checks/check_extra7111
@@ -14,7 +14,7 @@ CHECK_ID_extra7111="7.111"
 CHECK_TITLE_extra7111="[extra7111] Check if Amazon SageMaker Notebook instances have direct internet access"
 CHECK_SCORED_extra7111="NOT_SCORED"
-CHECK_TYPE_extra7111="EXTRA"
+CHECK_CIS_LEVEL_extra7111="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7111="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7111="extra7111"
 CHECK_SEVERITY_extra7111="Medium"
diff --git a/checks/check_extra7112 b/checks/check_extra7112
index ed954a9d..e031065d 100644
--- a/checks/check_extra7112
+++ b/checks/check_extra7112
@@ -14,7 +14,7 @@ CHECK_ID_extra7112="7.112"
 CHECK_TITLE_extra7112="[extra7112] Check if Amazon SageMaker Notebook instances have data encryption enabled"
 CHECK_SCORED_extra7112="NOT_SCORED"
-CHECK_TYPE_extra7112="EXTRA"
+CHECK_CIS_LEVEL_extra7112="EXTRA"
 CHECK_ASFF_RESOURCE_TYPE_extra7112="AwsSageMakerNotebookInstance"
 CHECK_ALTERNATE_check7112="extra7112"
 CHECK_SEVERITY_extra7112="Medium"
diff --git a/checks/check_extra7113 b/checks/check_extra7113
index 3412a56b..4afcfdc3 100644
--- a/checks/check_extra7113
+++ b/checks/check_extra7113
@@ -25,7 +25,7 @@ CHECK_ID_extra7113="7.113"
 CHECK_TITLE_extra7113="[extra7113] Check if RDS instances have deletion protection enabled "
 CHECK_SCORED_extra7113="NOT_SCORED"
-CHECK_TYPE_extra7113="EXTRA"
+CHECK_CIS_LEVEL_extra7113="EXTRA"
 CHECK_SEVERITY_extra7113="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7113="AwsRdsDbInstance"
 CHECK_ALTERNATE_check7113="extra7113"
diff --git a/checks/check_extra7114 b/checks/check_extra7114
index 93c7906a..91a640bb 100644
--- a/checks/check_extra7114
+++ b/checks/check_extra7114
@@ -14,7 +14,7 @@ CHECK_ID_extra7114="7.114"
 CHECK_TITLE_extra7114="[extra7114] Check if Glue development endpoints have S3 encryption enabled."
 CHECK_SCORED_extra7114="NOT_SCORED"
-CHECK_TYPE_extra7114="EXTRA"
+CHECK_CIS_LEVEL_extra7114="EXTRA"
 CHECK_SEVERITY_extra7114="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7114="AwsGlue"
 CHECK_ALTERNATE_check7114="extra7114"
diff --git a/checks/check_extra7115 b/checks/check_extra7115
index 14e4e9b8..e09e6590 100644
--- a/checks/check_extra7115
+++ b/checks/check_extra7115
@@ -13,7 +13,7 @@ CHECK_ID_extra7115="7.115"
 CHECK_TITLE_extra7115="[extra7115] Check if Glue database connection has SSL connection enabled."
 CHECK_SCORED_extra7115="NOT_SCORED"
-CHECK_TYPE_extra7115="EXTRA"
+CHECK_CIS_LEVEL_extra7115="EXTRA"
 CHECK_SEVERITY_extra7115="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7115="AwsGlue"
 CHECK_ALTERNATE_check7115="extra7115"
diff --git a/checks/check_extra7116 b/checks/check_extra7116
index 43136f76..77f4eee8 100644
--- a/checks/check_extra7116
+++ b/checks/check_extra7116
@@ -13,7 +13,7 @@ CHECK_ID_extra7116="7.116"
 CHECK_TITLE_extra7116="[extra7116] Check if Glue data catalog settings have metadata encryption enabled."
 CHECK_SCORED_extra7116="NOT_SCORED"
-CHECK_TYPE_extra7116="EXTRA"
+CHECK_CIS_LEVEL_extra7116="EXTRA"
 CHECK_SEVERITY_extra7116="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7116="AwsGlue"
 CHECK_ALTERNATE_check7116="extra7116"
diff --git a/checks/check_extra7117 b/checks/check_extra7117
index f0eeb03e..ce2ebcab 100644
--- a/checks/check_extra7117
+++ b/checks/check_extra7117
@@ -13,7 +13,7 @@ CHECK_ID_extra7117="7.117"
 CHECK_TITLE_extra7117="[extra7117] Check if Glue data catalog settings have encrypt connection password enabled."
 CHECK_SCORED_extra7117="NOT_SCORED"
-CHECK_TYPE_extra7117="EXTRA"
+CHECK_CIS_LEVEL_extra7117="EXTRA"
 CHECK_SEVERITY_extra7117="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7117="AwsGlue"
 CHECK_ALTERNATE_check7117="extra7117"
diff --git a/checks/check_extra7118 b/checks/check_extra7118
index 12cc7b08..a55996ec 100644
--- a/checks/check_extra7118
+++ b/checks/check_extra7118
@@ -13,7 +13,7 @@ CHECK_ID_extra7118="7.118"
 CHECK_TITLE_extra7118="[extra7118] Check if Glue ETL Jobs have S3 encryption enabled."
 CHECK_SCORED_extra7118="NOT_SCORED"
-CHECK_TYPE_extra7118="EXTRA"
+CHECK_CIS_LEVEL_extra7118="EXTRA"
 CHECK_SEVERITY_extra7118="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7118="AwsGlue"
 CHECK_ALTERNATE_check7118="extra7118"
diff --git a/checks/check_extra7119 b/checks/check_extra7119
index 4f6e904b..a6a0a4f2 100644
--- a/checks/check_extra7119
+++ b/checks/check_extra7119
@@ -14,7 +14,7 @@ CHECK_ID_extra7119="7.119"
 CHECK_TITLE_extra7119="[extra7119] Check if Glue development endpoints have CloudWatch logs encryption enabled."
 CHECK_SCORED_extra7119="NOT_SCORED"
-CHECK_TYPE_extra7119="EXTRA"
+CHECK_CIS_LEVEL_extra7119="EXTRA"
 CHECK_SEVERITY_extra7119="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7119="AwsGlue"
 CHECK_ALTERNATE_check7119="extra7119"
diff --git a/checks/check_extra712 b/checks/check_extra712
index 754c3559..d14d60ba 100644
--- a/checks/check_extra712
+++ b/checks/check_extra712
@@ -13,7 +13,7 @@ CHECK_ID_extra712="7.12"
 CHECK_TITLE_extra712="[extra712] Check if Amazon Macie is enabled"
 CHECK_SCORED_extra712="NOT_SCORED"
-CHECK_TYPE_extra712="EXTRA"
+CHECK_CIS_LEVEL_extra712="EXTRA"
 CHECK_SEVERITY_extra712="Low"
 CHECK_ALTERNATE_check712="extra712"
 CHECK_ASFF_RESOURCE_TYPE_extra712="AwsMacieSession"
diff --git a/checks/check_extra7120 b/checks/check_extra7120
index d4217ed2..37cd3094 100644
--- a/checks/check_extra7120
+++ b/checks/check_extra7120
@@ -13,7 +13,7 @@ CHECK_ID_extra7120="7.120"
 CHECK_TITLE_extra7120="[extra7120] Check if Glue ETL Jobs have CloudWatch Logs encryption enabled."
 CHECK_SCORED_extra7120="NOT_SCORED"
-CHECK_TYPE_extra7120="EXTRA"
+CHECK_CIS_LEVEL_extra7120="EXTRA"
 CHECK_SEVERITY_extra7120="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7120="AwsGlue"
 CHECK_ALTERNATE_check7120="extra7120"
diff --git a/checks/check_extra7121 b/checks/check_extra7121
index 032bcfa5..26087e05 100644
--- a/checks/check_extra7121
+++ b/checks/check_extra7121
@@ -14,7 +14,7 @@ CHECK_ID_extra7121="7.121"
 CHECK_TITLE_extra7121="[extra7121] Check if Glue development endpoints have Job bookmark encryption enabled."
 CHECK_SCORED_extra7121="NOT_SCORED"
-CHECK_TYPE_extra7121="EXTRA"
+CHECK_CIS_LEVEL_extra7121="EXTRA"
 CHECK_SEVERITY_extra7121="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7121="AwsGlue"
 CHECK_ALTERNATE_check7121="extra7121"
diff --git a/checks/check_extra7122 b/checks/check_extra7122
index 1b4f8d27..ac163833 100644
--- a/checks/check_extra7122
+++ b/checks/check_extra7122
@@ -13,7 +13,7 @@ CHECK_ID_extra7122="7.122"
 CHECK_TITLE_extra7122="[extra7122] Check if Glue ETL Jobs have Job bookmark encryption enabled."
 CHECK_SCORED_extra7122="NOT_SCORED"
-CHECK_TYPE_extra7122="EXTRA"
+CHECK_CIS_LEVEL_extra7122="EXTRA"
 CHECK_SEVERITY_extra7122="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7122="AwsGlue"
 CHECK_ALTERNATE_check7122="extra7122"
diff --git a/checks/check_extra7123 b/checks/check_extra7123
index c462f749..fecf5185 100644
--- a/checks/check_extra7123
+++ b/checks/check_extra7123
@@ -13,7 +13,7 @@ CHECK_ID_extra7123="7.123"
 CHECK_TITLE_extra7123="[extra7123] Check if IAM users have two active access keys"
 CHECK_SCORED_extra7123="NOT_SCORED"
-CHECK_TYPE_extra7123="EXTRA"
+CHECK_CIS_LEVEL_extra7123="EXTRA"
 CHECK_SEVERITY_extra7123="Medium"
 CHECK_ASFF_TYPE_extra7123="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_extra7123="AwsIamUser"
diff --git a/checks/check_extra7124 b/checks/check_extra7124
index df02efaf..7a7e8b1f 100644
--- a/checks/check_extra7124
+++ b/checks/check_extra7124
@@ -13,7 +13,7 @@ CHECK_ID_extra7124="7.124"
 CHECK_TITLE_extra7124="[extra7124] Check if EC2 instances are managed by Systems Manager."
 CHECK_SCORED_extra7124="NOT_SCORED"
-CHECK_TYPE_extra7124="EXTRA"
+CHECK_CIS_LEVEL_extra7124="EXTRA"
 CHECK_SEVERITY_extra7124="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7124="AwsEc2Instance"
 CHECK_ALTERNATE_check7124="extra7124"
diff --git a/checks/check_extra7125 b/checks/check_extra7125
index 545d6d8b..d41b8475 100644
--- a/checks/check_extra7125
+++ b/checks/check_extra7125
@@ -13,7 +13,7 @@ CHECK_ID_extra7125="7.125"
 CHECK_TITLE_extra7125="[extra7125] Check if IAM users have Hardware MFA enabled."
 CHECK_SCORED_extra7125="NOT_SCORED"
-CHECK_TYPE_extra7125="EXTRA"
+CHECK_CIS_LEVEL_extra7125="EXTRA"
 CHECK_SEVERITY_extra7125="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7125="AwsIamUser"
 CHECK_ALTERNATE_check7125="extra7125"
diff --git a/checks/check_extra7126 b/checks/check_extra7126
index 6017afa4..31d9fdeb 100644
--- a/checks/check_extra7126
+++ b/checks/check_extra7126
@@ -13,7 +13,7 @@ CHECK_ID_extra7126="7.126"
 CHECK_TITLE_extra7126="[extra7126] Check if there are CMK KMS keys not used"
 CHECK_SCORED_extra7126="NOT_SCORED"
-CHECK_TYPE_extra7126="EXTRA"
+CHECK_CIS_LEVEL_extra7126="EXTRA"
 CHECK_SEVERITY_extra7126="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7126="AwsKmsKey"
 CHECK_ALTERNATE_check7126="extra7126"
diff --git a/checks/check_extra7127 b/checks/check_extra7127
index cc23e4b6..9c12009a 100644
--- a/checks/check_extra7127
+++ b/checks/check_extra7127
@@ -13,7 +13,7 @@ CHECK_ID_extra7127="7.127"
 CHECK_TITLE_extra7127="[extra7127] Check if EC2 instances managed by Systems Manager are compliant with patching requirements"
 CHECK_SCORED_extra7127="NOT_SCORED"
-CHECK_TYPE_extra7127="EXTRA"
+CHECK_CIS_LEVEL_extra7127="EXTRA"
 CHECK_SEVERITY_extra7127="High"
 CHECK_ASFF_RESOURCE_TYPE_extra7127="AwsEc2Instance"
 CHECK_ASFF_TYPE_extra7127="Software and Configuration Checks/ENS op.exp.4.aws.sys.1"
diff --git a/checks/check_extra7128 b/checks/check_extra7128
index 20182e8c..f9ad2cda 100644
--- a/checks/check_extra7128
+++ b/checks/check_extra7128
@@ -13,7 +13,7 @@ CHECK_ID_extra7128="7.128"
 CHECK_TITLE_extra7128="[extra7128] Check if DynamoDB table has encryption at rest enabled using CMK KMS"
 CHECK_SCORED_extra7128="NOT_SCORED"
-CHECK_TYPE_extra7128="EXTRA"
+CHECK_CIS_LEVEL_extra7128="EXTRA"
 CHECK_SEVERITY_extra7128="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7128="AwsDynamoDBTable"
 CHECK_ALTERNATE_check7128="extra7128"
diff --git a/checks/check_extra7129 b/checks/check_extra7129
index ddeb1c77..caa6fefa 100644
--- a/checks/check_extra7129
+++ b/checks/check_extra7129
@@ -13,7 +13,7 @@ CHECK_ID_extra7129="7.129"
 CHECK_TITLE_extra7129="[extra7129] Check if Application Load Balancer has a WAF ACL attached"
 CHECK_SCORED_extra7129="NOT_SCORED"
-CHECK_TYPE_extra7129="EXTRA"
+CHECK_CIS_LEVEL_extra7129="EXTRA"
 CHECK_SEVERITY_extra7129="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7129="AwsElasticLoadBalancingV2LoadBalancer"
 CHECK_ALTERNATE_check7129="extra7129"
@@ -24,49 +24,54 @@ CHECK_REMEDIATION_extra7129='Using the AWS Management Console open the AWS WAF c CHECK_DOC_extra7129='https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-associating-aws-resource.html' CHECK_CAF_EPIC_extra7129='Infrastructure Security' +PARALLEL_REGIONS="50" + extra7129(){ for regx in $REGIONS; do - LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[?Scheme == `internet-facing` && Type == `application`].[LoadBalancerName]' --output text) - LIST_OF_WAFV2_WEBACL_ARN=$($AWSCLI wafv2 list-web-acls $PROFILE_OPT --region=$regx --scope=REGIONAL --query WebACLs[*].ARN --output text) - LIST_OF_WAFV1_WEBACL_WEBACLID=$($AWSCLI waf-regional list-web-acls $PROFILE_OPT --region $regx --query WebACLs[*].[WebACLId] --output text) + # ( + LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[?Scheme == `internet-facing` && Type == `application`].[LoadBalancerName]' --output text) + LIST_OF_WAFV2_WEBACL_ARN=$($AWSCLI wafv2 list-web-acls $PROFILE_OPT --region=$regx --scope=REGIONAL --query WebACLs[*].ARN --output text) + LIST_OF_WAFV1_WEBACL_WEBACLID=$($AWSCLI waf-regional list-web-acls $PROFILE_OPT --region $regx --query WebACLs[*].[WebACLId] --output text) - if [[ $LIST_OF_ELBSV2 ]]; then - for alb in $LIST_OF_ELBSV2; do - if [[ ${#LIST_OF_WAFV2_WEBACL_ARN[@]} -gt 0 || ${#LIST_OF_WAFV1_WEBACL_WEBACLID[@]} -gt 0 ]]; then - WAF_PROTECTED_ALBS=() - for wafaclarn in $LIST_OF_WAFV2_WEBACL_ARN; do - ALB_RESOURCES_IN_WEBACL=$($AWSCLI wafv2 list-resources-for-web-acl $PROFILE_OPT --web-acl-arn $wafaclarn --region=$regx --resource-type APPLICATION_LOAD_BALANCER --query ResourceArns --output text | xargs -n1 | awk -F'/' '{ print $3 }'| grep $alb) - if [[ $ALB_RESOURCES_IN_WEBACL ]]; then - WAF_PROTECTED_ALBS+=($wafaclarn) + if [[ $LIST_OF_ELBSV2 ]]; then + for alb in $LIST_OF_ELBSV2; do + if [[ ${#LIST_OF_WAFV2_WEBACL_ARN[@]} -gt 0 || 
${#LIST_OF_WAFV1_WEBACL_WEBACLID[@]} -gt 0 ]]; then + WAF_PROTECTED_ALBS=() + for wafaclarn in $LIST_OF_WAFV2_WEBACL_ARN; do + ALB_RESOURCES_IN_WEBACL=$($AWSCLI wafv2 list-resources-for-web-acl $PROFILE_OPT --web-acl-arn $wafaclarn --region=$regx --resource-type APPLICATION_LOAD_BALANCER --query ResourceArns --output text | xargs -n1 | awk -F'/' '{ print $3 }'| grep $alb) + if [[ $ALB_RESOURCES_IN_WEBACL ]]; then + WAF_PROTECTED_ALBS+=($wafaclarn) + fi + done + for wafv1aclid in $LIST_OF_WAFV1_WEBACL_WEBACLID; do + ALB_RESOURCES_IN_WEBACL=$($AWSCLI waf-regional list-resources-for-web-acl $PROFILE_OPT --web-acl-id $wafv1aclid --region=$regx --resource-type APPLICATION_LOAD_BALANCER --output text --query "[ResourceArns]"| grep $alb) + if [[ $ALB_RESOURCES_IN_WEBACL ]]; then + WAFv1_PROTECTED_ALBS+=($wafv1aclid) + fi + done + if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 || ${#WAFv1_PROTECTED_ALBS[@]} -gt 0 ]]; then + if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 ]]; then + for wafaclarn in "${WAF_PROTECTED_ALBS[@]}"; do + WAFV2_WEBACL_ARN_SHORT=$(echo $wafaclarn | awk -F'/' '{ print $3 }') + textPass "$regx: Application Load Balancer $alb is protected by WAFv2 ACL $WAFV2_WEBACL_ARN_SHORT" "$regx" "$alb" + done + fi + if [[ ${#WAFv1_PROTECTED_ALBS[@]} -gt 0 ]]; then + for wafv1aclid in "${WAFv1_PROTECTED_ALBS[@]}"; do + textPass "$regx: Application Load Balancer $alb is protected by WAFv1 ACL $wafv1aclid" "$regx" "$alb" + done + fi + else + textFail "$regx: Application Load Balancer $alb is not protected by WAF ACL" "$regx" "$alb" + fi + else + textFail "$regx: Application Load Balancer $alb is not protected no WAF ACL found" "$regx" "$alb" fi done - for wafv1aclid in $LIST_OF_WAFV1_WEBACL_WEBACLID; do - ALB_RESOURCES_IN_WEBACL=$($AWSCLI waf-regional list-resources-for-web-acl $PROFILE_OPT --web-acl-id $wafv1aclid --region=$regx --resource-type APPLICATION_LOAD_BALANCER --output text --query "[ResourceArns]"| grep $alb) - if [[ $ALB_RESOURCES_IN_WEBACL ]]; then - 
WAFv1_PROTECTED_ALBS+=($wafv1aclid) - fi - done - if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 || ${#WAFv1_PROTECTED_ALBS[@]} -gt 0 ]]; then - if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 ]]; then - for wafaclarn in "${WAF_PROTECTED_ALBS[@]}"; do - WAFV2_WEBACL_ARN_SHORT=$(echo $wafaclarn | awk -F'/' '{ print $3 }') - textPass "$regx: Application Load Balancer $alb is protected by WAFv2 ACL $WAFV2_WEBACL_ARN_SHORT" "$regx" "$alb" - done - fi - if [[ ${#WAFv1_PROTECTED_ALBS[@]} -gt 0 ]]; then - for wafv1aclid in "${WAFv1_PROTECTED_ALBS[@]}"; do - textPass "$regx: Application Load Balancer $alb is protected by WAFv1 ACL $wafv1aclid" "$regx" "$alb" - done - fi - else - textFail "$regx: Application Load Balancer $alb is not protected by WAF ACL" "$regx" "$alb" - fi else - textFail "$regx: Application Load Balancer $alb is not protected no WAF ACL found" "$regx" "$alb" + textInfo "$regx: No Application Load Balancers found" "$regx" fi - done - else - textInfo "$regx: No Application Load Balancers found" "$regx" - fi + # ) & done + # wait } \ No newline at end of file diff --git a/checks/check_extra713 b/checks/check_extra713 index 7a83b9bb..01f96d58 100644 --- a/checks/check_extra713 +++ b/checks/check_extra713 @@ -13,7 +13,7 @@ CHECK_ID_extra713="7.13" CHECK_TITLE_extra713="[extra713] Check if GuardDuty is enabled" CHECK_SCORED_extra713="NOT_SCORED" -CHECK_TYPE_extra713="EXTRA" +CHECK_CIS_LEVEL_extra713="EXTRA" CHECK_SEVERITY_extra713="High" CHECK_ALTERNATE_check713="extra713" CHECK_ASFF_COMPLIANCE_TYPE_extra713="ens-op.mon.1.aws.duty.1" diff --git a/checks/check_extra7130 b/checks/check_extra7130 index a302f0d4..251f6c5d 100644 --- a/checks/check_extra7130 +++ b/checks/check_extra7130 
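Review bot: In the re-indented loop `WAFv1_PROTECTED_ALBS` is never emptied while `WAF_PROTECTED_ALBS=()` is reset for every ALB, and neither array is `local`, so once one ALB is matched by a WAFv1 ACL every later ALB in that region and in every later region inherits the entry and receives a textPass it did not earn; add `WAFv1_PROTECTED_ALBS=()` directly after `WAF_PROTECTED_ALBS=()`. The guard `${#LIST_OF_WAFV2_WEBACL_ARN[@]} -gt 0 || ${#LIST_OF_WAFV1_WEBACL_WEBACLID[@]} -gt 0` counts elements of scalar variables, which is 1 even when the command substitution returned an empty string, so the `no WAF ACL found` textFail branch appears unreachable; `if [[ -n "$LIST_OF_WAFV2_WEBACL_ARN" || -n "$LIST_OF_WAFV1_WEBACL_WEBACLID" ]]; then` tests what was intended. `PARALLEL_REGIONS="50"` is added but nothing in this hunk reads it, and the `# (`, `# ) &` and `# wait` lines are commented out, so the region loop stays sequential; if the per-region subshell is meant to land later, a comment such as `# TODO: enable the ( ... ) & per-region subshell, bounded by PARALLEL_REGIONS` would say so, and that subshell would also make the two arrays region-local. The WAFv2 match `awk -F'/' '{ print $3 }'| grep $alb` is an unanchored regex match on the ALB name, so an ALB whose name is a prefix of another's would be credited with the other's ACL; `grep -Fx -- "$alb"` keeps the comparison exact.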
@@ -14,7 +14,7 @@ CHECK_ID_extra7130="7.130"
 CHECK_TITLE_extra7130="[extra7130] Ensure there are no SNS Topics unencrypted"
 CHECK_SCORED_extra7130="NOT_SCORED"
-CHECK_TYPE_extra7130="EXTRA"
+CHECK_CIS_LEVEL_extra7130="EXTRA"
 CHECK_SEVERITY_extra7130="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7130="AwsSnsTopic"
 CHECK_ALTERNATE_check7130="extra7130"
diff --git a/checks/check_extra7131 b/checks/check_extra7131
index 946f1682..dbd22bd9 100644
--- a/checks/check_extra7131
+++ b/checks/check_extra7131
@@ -13,7 +13,7 @@ CHECK_ID_extra7131="7.131"
 CHECK_TITLE_extra7131="[extra7131] Ensure RDS instances have minor version upgrade enabled"
 CHECK_SCORED_extra7131="NOT_SCORED"
-CHECK_TYPE_extra7131="EXTRA"
+CHECK_CIS_LEVEL_extra7131="EXTRA"
 CHECK_SEVERITY_extra7131="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra7131="AwsRdsDbInstance"
 CHECK_ALTERNATE_check7131="extra7131"
diff --git a/checks/check_extra7132 b/checks/check_extra7132
index 5eefb58f..4d3af561 100644
--- a/checks/check_extra7132
+++ b/checks/check_extra7132
@@ -13,7 +13,7 @@ CHECK_ID_extra7132="7.132"
 CHECK_TITLE_extra7132="[extra7132] Check if RDS instances has enhanced monitoring enabled"
 CHECK_SCORED_extra7132="NOT_SCORED"
-CHECK_TYPE_extra7132="EXTRA"
+CHECK_CIS_LEVEL_extra7132="EXTRA"
 CHECK_SEVERITY_extra7132="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra7132="AwsRdsDbInstance"
 CHECK_ALTERNATE_check7132="extra7132"
diff --git a/checks/check_extra7133 b/checks/check_extra7133
index c2eefd5e..ee20f261 100644
--- a/checks/check_extra7133
+++ b/checks/check_extra7133
@@ -13,7 +13,7 @@ CHECK_ID_extra7133="7.133"
 CHECK_TITLE_extra7133="[extra7133] Check if RDS instances have multi-AZ enabled"
 CHECK_SCORED_extra7133="NOT_SCORED"
-CHECK_TYPE_extra7133="EXTRA"
+CHECK_CIS_LEVEL_extra7133="EXTRA"
 CHECK_SEVERITY_extra7133="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7133="AwsRdsDbInstance"
 CHECK_ALTERNATE_check7133="extra7133"
diff --git a/checks/check_extra7134 b/checks/check_extra7134
index 4d649f83..14f2b957 100644
--- a/checks/check_extra7134
+++ b/checks/check_extra7134
@@ -13,7 +13,7 @@ CHECK_ID_extra7134="7.134"
 CHECK_TITLE_extra7134="[extra7134] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21 "
 CHECK_SCORED_extra7134="NOT_SCORED"
-CHECK_TYPE_extra7134="EXTRA"
+CHECK_CIS_LEVEL_extra7134="EXTRA"
 CHECK_SEVERITY_extra7134="High"
 CHECK_ASFF_RESOURCE_TYPE_extra7134="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check7134="extra7134"
diff --git a/checks/check_extra7135 b/checks/check_extra7135
index 42a27bfb..2788b54e 100644
--- a/checks/check_extra7135
+++ b/checks/check_extra7135
@@ -13,7 +13,7 @@ CHECK_ID_extra7135="7.135"
 CHECK_TITLE_extra7135="[extra7135] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092 "
 CHECK_SCORED_extra7135="NOT_SCORED"
-CHECK_TYPE_extra7135="EXTRA"
+CHECK_CIS_LEVEL_extra7135="EXTRA"
 CHECK_SEVERITY_extra7135="High"
 CHECK_ASFF_RESOURCE_TYPE_extra7135="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check7135="extra7135"
diff --git a/checks/check_extra7136 b/checks/check_extra7136
index 7b440031..b7779b6f 100644
--- a/checks/check_extra7136
+++ b/checks/check_extra7136
@@ -13,7 +13,7 @@ CHECK_ID_extra7136="7.136"
 CHECK_TITLE_extra7136="[extra7136] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23 "
 CHECK_SCORED_extra7136="NOT_SCORED"
-CHECK_TYPE_extra7136="EXTRA"
+CHECK_CIS_LEVEL_extra7136="EXTRA"
 CHECK_SEVERITY_extra7136="High"
 CHECK_ASFF_RESOURCE_TYPE_extra7136="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check7136="extra7136"
diff --git a/checks/check_extra7137 b/checks/check_extra7137
index 754acc5f..5759927e 100644
--- a/checks/check_extra7137
+++ b/checks/check_extra7137
@@ -13,7 +13,7 @@ CHECK_ID_extra7137="7.137"
 CHECK_TITLE_extra7137="[extra7137] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434 "
 CHECK_SCORED_extra7137="NOT_SCORED"
-CHECK_TYPE_extra7137="EXTRA"
+CHECK_CIS_LEVEL_extra7137="EXTRA"
 CHECK_SEVERITY_extra7137="High"
 CHECK_ASFF_RESOURCE_TYPE_extra7137="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check7137="extra7137"
diff --git a/checks/check_extra7138 b/checks/check_extra7138
index c1704c67..f164aa62 100644
--- a/checks/check_extra7138
+++ b/checks/check_extra7138
@@ -13,7 +13,7 @@ CHECK_ID_extra7138="7.138"
 CHECK_TITLE_extra7138="[extra7138] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port"
 CHECK_SCORED_extra7138="NOT SCORED"
-CHECK_TYPE_extra7138="LEVEL2"
+CHECK_CIS_LEVEL_extra7138="LEVEL2"
 CHECK_SEVERITY_extra7138="High"
 CHECK_ASFF_TYPE_extra7138="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_extra7138="AwsEc2NetworkAcl"
diff --git a/checks/check_extra7139 b/checks/check_extra7139
index b38ddba6..094037ee 100644
--- a/checks/check_extra7139
+++ b/checks/check_extra7139
@@ -12,7 +12,7 @@ CHECK_ID_extra7139="7.139"
 CHECK_TITLE_extra7139="[extra7139] There are High severity GuardDuty findings "
 CHECK_SCORED_extra7139="NOT_SCORED"
-CHECK_TYPE_extra7139="EXTRA"
+CHECK_CIS_LEVEL_extra7139="EXTRA"
 CHECK_SEVERITY_extra7139="High"
 CHECK_ASFF_RESOURCE_TYPE_extra7139="AwsGuardDutyDetector"
 CHECK_ALTERNATE_check7139="extra7139"
diff --git a/checks/check_extra714 b/checks/check_extra714
index 27681e1f..40d2c679 100644
--- a/checks/check_extra714
+++ b/checks/check_extra714
@@ -13,7 +13,7 @@ CHECK_ID_extra714="7.14"
 CHECK_TITLE_extra714="[extra714] Check if CloudFront distributions have logging enabled"
 CHECK_SCORED_extra714="NOT_SCORED"
-CHECK_TYPE_extra714="EXTRA"
+CHECK_CIS_LEVEL_extra714="EXTRA"
 CHECK_SEVERITY_extra714="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra714="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check714="extra714"
diff --git a/checks/check_extra7140 b/checks/check_extra7140
index 4b34c7a5..42f93e72 100644
--- a/checks/check_extra7140
+++ b/checks/check_extra7140
@@ -12,7 +12,7 @@ CHECK_ID_extra7140="7.140"
 CHECK_TITLE_extra7140="[extra7140] Check if there are SSM Documents set as public"
 CHECK_SCORED_extra7140="NOT_SCORED"
-CHECK_TYPE_extra7140="EXTRA"
+CHECK_CIS_LEVEL_extra7140="EXTRA"
 CHECK_SEVERITY_extra7140="High"
 CHECK_ASFF_RESOURCE_TYPE_extra7140="AwsSsmDocument"
 CHECK_ALTERNATE_check7140="extra7140"
diff --git a/checks/check_extra7141 b/checks/check_extra7141
index ff4ce69c..3b828cdd 100644
--- a/checks/check_extra7141
+++ b/checks/check_extra7141
@@ -13,7 +13,7 @@ CHECK_ID_extra7141="7.141"
 CHECK_TITLE_extra7141="[extra7141] Find secrets in SSM Documents"
 CHECK_SCORED_extra7141="NOT_SCORED"
-CHECK_TYPE_extra7141="EXTRA"
+CHECK_CIS_LEVEL_extra7141="EXTRA"
 CHECK_SEVERITY_extra7141="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra7141="AwsSsmDocument"
 CHECK_ALTERNATE_check7141="extra7141"
diff --git a/checks/check_extra7142 b/checks/check_extra7142
index 2f160257..9900d46d 100644
--- a/checks/check_extra7142
+++ b/checks/check_extra7142
@@ -13,7 +13,7 @@ CHECK_ID_extra7142="7.142"
 CHECK_TITLE_extra7142="[extra7142] Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling"
 CHECK_SCORED_extra7142="NOT_SCORED"
-CHECK_TYPE_extra7142="EXTRA"
+CHECK_CIS_LEVEL_extra7142="EXTRA"
 CHECK_SEVERITY_extra7142="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7142="AwsElasticLoadBalancingV2LoadBalancer"
 CHECK_ALTERNATE_check7142="extra7142"
diff --git a/checks/check_extra7143 b/checks/check_extra7143
index 09f24131..a4bdac62 100644
--- a/checks/check_extra7143
+++ b/checks/check_extra7143
@@ -13,7 +13,7 @@ CHECK_ID_extra7143="7.143"
 CHECK_TITLE_extra7143="[extra7143] Check if EFS have policies which allow access to everyone"
 CHECK_SCORED_extra7143="NOT_SCORED"
-CHECK_TYPE_extra7143="EXTRA"
+CHECK_CIS_LEVEL_extra7143="EXTRA"
 CHECK_SEVERITY_extra7143="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra7143="AwsEFS"
 CHECK_ALTERNATE_check7143="extra7143"
diff --git a/checks/check_extra7144 b/checks/check_extra7144
index 5fc9a270..2bdc0dc7 100644
--- a/checks/check_extra7144
+++ b/checks/check_extra7144
@@ -13,7 +13,7 @@ CHECK_ID_extra7144="7.144"
 CHECK_TITLE_extra7144="[extra7144] Check if CloudWatch has allowed cross-account sharing"
 CHECK_SCORED_extra7144="NOT_SCORED"
-CHECK_TYPE_extra7144="EXTRA"
+CHECK_CIS_LEVEL_extra7144="EXTRA"
 CHECK_SEVERITY_extra7144="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7144="AwsCloudWatch"
 CHECK_ALTERNATE_check7144="extra7144"
diff --git a/checks/check_extra7145 b/checks/check_extra7145
index fa74b27b..8ef77601 100644
--- a/checks/check_extra7145
+++ b/checks/check_extra7145
@@ -13,7 +13,7 @@ CHECK_ID_extra7145="7.145"
 CHECK_TITLE_extra7145="[extra7145] Check if Lambda functions have policies which allow access to any AWS account"
 CHECK_SCORED_extra7145="NOT_SCORED"
-CHECK_TYPE_extra7145="EXTRA"
+CHECK_CIS_LEVEL_extra7145="EXTRA"
 CHECK_SEVERITY_extra7145="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra7145="AwsLambda"
 CHECK_ALTERNATE_check7145="extra7145"
diff --git a/checks/check_extra7146 b/checks/check_extra7146
index 92ffb813..78e56683 100644
--- a/checks/check_extra7146
+++ b/checks/check_extra7146
@@ -13,7 +13,7 @@ CHECK_ID_extra7146="7.146"
 CHECK_TITLE_extra7146="[extra7146] Check if there is any unassigned Elastic IP"
 CHECK_SCORED_extra7146="NOT_SCORED"
-CHECK_TYPE_extra7146="EXTRA"
+CHECK_CIS_LEVEL_extra7146="EXTRA"
 CHECK_SEVERITY_extra7146="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra7146="AwsElasticIPs"
 CHECK_ALTERNATE_check7146="extra7146"
diff --git a/checks/check_extra7147 b/checks/check_extra7147
index cff62c59..f14e1949 100644
--- a/checks/check_extra7147
+++ b/checks/check_extra7147
@@ -13,7 +13,7 @@ CHECK_ID_extra7147="7.147"
 CHECK_TITLE_extra7147="[extra7147] Check if S3 Glacier vaults have policies which allow access to everyone"
 CHECK_SCORED_extra7147="NOT_SCORED"
-CHECK_TYPE_extra7147="EXTRA"
+CHECK_CIS_LEVEL_extra7147="EXTRA"
 CHECK_SEVERITY_extra7147="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra7147="AwsGlacierVault"
 CHECK_ALTERNATE_check7147="extra7142"
diff --git a/checks/check_extra7148 b/checks/check_extra7148
index 1120478e..c69805b5 100644
--- a/checks/check_extra7148
+++ b/checks/check_extra7148
@@ -13,7 +13,7 @@ CHECK_ID_extra7148="7.148"
 CHECK_TITLE_extra7148="[extra7148] Check if EFS File systems have backup enabled"
 CHECK_SCORED_extra7148="NOT_SCORED"
-CHECK_TYPE_extra7148="EXTRA"
+CHECK_CIS_LEVEL_extra7148="EXTRA"
 CHECK_SEVERITY_extra7148="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7148="AwsEfsFileSystem"
 CHECK_ALTERNATE_check7148="extra7148"
diff --git a/checks/check_extra7149 b/checks/check_extra7149
index 85b35e6f..259947d8 100644
--- a/checks/check_extra7149
+++ b/checks/check_extra7149
@@ -13,7 +13,7 @@ CHECK_ID_extra7149="7.149"
 CHECK_TITLE_extra7149="[extra7149] Check if Redshift Clusters have automated snapshots enabled"
 CHECK_SCORED_extra7149="NOT_SCORED"
-CHECK_TYPE_extra7149="EXTRA"
+CHECK_CIS_LEVEL_extra7149="EXTRA"
 CHECK_SEVERITY_extra7149="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7149="AwsRedshiftCluster"
 CHECK_ALTERNATE_check7149="extra7149"
diff --git a/checks/check_extra715 b/checks/check_extra715
index 2ce8d287..b5ccdb0e 100644
--- a/checks/check_extra715
+++ b/checks/check_extra715
@@ -13,7 +13,7 @@ CHECK_ID_extra715="7.15"
 CHECK_TITLE_extra715="[extra715] Check if Amazon Elasticsearch Service (ES) domains have logging enabled"
 CHECK_SCORED_extra715="NOT_SCORED"
-CHECK_TYPE_extra715="EXTRA"
+CHECK_CIS_LEVEL_extra715="EXTRA"
 CHECK_SEVERITY_extra715="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra715="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check715="extra715"
diff --git a/checks/check_extra7150 b/checks/check_extra7150
index 26940ad9..673a3da8 100644
--- a/checks/check_extra7150
+++ b/checks/check_extra7150
@@ -13,7 +13,7 @@ CHECK_ID_extra7150="7.150"
 CHECK_TITLE_extra7150="[extra7150] Check if Elastic Load Balancers have deletion protection enabled"
 CHECK_SCORED_extra7150="NOT_SCORED"
-CHECK_TYPE_extra7150="EXTRA"
+CHECK_CIS_LEVEL_extra7150="EXTRA"
 CHECK_SEVERITY_extra7150="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7150="AwsElbLoadBalancer"
 CHECK_ALTERNATE_check7150="extra7150"
diff --git a/checks/check_extra7151 b/checks/check_extra7151
index c06d3f74..a17a3673 100644
--- a/checks/check_extra7151
+++ b/checks/check_extra7151
@@ -14,7 +14,7 @@ CHECK_ID_extra7151="7.151"
 CHECK_TITLE_extra7151="[extra7151] Check if DynamoDB tables point-in-time recovery (PITR) is enabled"
 CHECK_SCORED_extra7151="NOT_SCORED"
-CHECK_TYPE_extra7151="EXTRA"
+CHECK_CIS_LEVEL_extra7151="EXTRA"
 CHECK_SEVERITY_extra7151="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7151="AwsDynamoDbTable"
 CHECK_ALTERNATE_check7151="extra7151"
diff --git a/checks/check_extra7152 b/checks/check_extra7152
index f2a906fd..e205de31 100644
--- a/checks/check_extra7152
+++ b/checks/check_extra7152
@@ -25,7 +25,7 @@ CHECK_ID_extra7152="7.152"
 CHECK_TITLE_extra7152="[extra7152] Enable Privacy Protection for for a Route53 Domain"
 CHECK_SCORED_extra7152="NOT_SCORED"
-CHECK_TYPE_extra7152="EXTRA"
+CHECK_CIS_LEVEL_extra7152="EXTRA"
 CHECK_SEVERITY_extra7152="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7152="AwsRoute53Domain"
 CHECK_ALTERNATE_check7152="extra7152"
diff --git a/checks/check_extra7153 b/checks/check_extra7153
index e281faf8..eee485c5 100644
--- a/checks/check_extra7153
+++ b/checks/check_extra7153
@@ -22,7 +22,7 @@ CHECK_ID_extra7153="7.153"
 CHECK_TITLE_extra7153="[extra7153] Enable Transfer Lock for a Route53 Domain"
 CHECK_SCORED_extra7153="NOT_SCORED"
-CHECK_TYPE_extra7153="EXTRA"
+CHECK_CIS_LEVEL_extra7153="EXTRA"
 CHECK_SEVERITY_extra7153="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7153="AwsRoute53Domain"
 CHECK_ALTERNATE_check7153="extra7153"
diff --git a/checks/check_extra7154 b/checks/check_extra7154
index 0b7394be..2fc74a6f 100644
--- a/checks/check_extra7154
+++ b/checks/check_extra7154
@@ -22,7 +22,7 @@ CHECK_ID_extra7154="7.154"
 CHECK_TITLE_extra7154="[extra7154] Enable termination protection for Cloudformation Stacks"
 CHECK_SCORED_extra7154="NOT_SCORED"
-CHECK_TYPE_extra7154="EXTRA"
+CHECK_CIS_LEVEL_extra7154="EXTRA"
 CHECK_SEVERITY_extra7154="MEDIUM"
 CHECK_ASFF_RESOURCE_TYPE_extra7154="AwsCloudFormationStack"
 CHECK_ALTERNATE_check7154="extra7154"
diff --git a/checks/check_extra7155 b/checks/check_extra7155
index 6f265f40..c51d6669 100644
--- a/checks/check_extra7155
+++ b/checks/check_extra7155
@@ -21,7 +21,7 @@ CHECK_ID_extra7155="7.155"
 CHECK_TITLE_extra7155="[extra7155] Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode"
 CHECK_SCORED_extra7155="NOT_SCORED"
-CHECK_TYPE_extra7155="EXTRA"
+CHECK_CIS_LEVEL_extra7155="EXTRA"
 CHECK_SEVERITY_extra7155="MEDIUM"
 CHECK_ASFF_RESOURCE_TYPE_extra7155="AwsElasticLoadBalancingV2LoadBalancer"
 CHECK_ALTERNATE_check7155="extra7155"
diff --git a/checks/check_extra7156 b/checks/check_extra7156
index 2d9f5cec..529c0616 100644
--- a/checks/check_extra7156
+++ b/checks/check_extra7156
@@ -14,7 +14,7 @@ CHECK_ID_extra7156="7.156"
 CHECK_TITLE_extra7156="[extra7156] Checks if API Gateway V2 has Access Logging enabled"
 CHECK_SCORED_extra7156="NOT_SCORED"
-CHECK_TYPE_extra7156="EXTRA"
+CHECK_CIS_LEVEL_extra7156="EXTRA"
 CHECK_SEVERITY_extra7156="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7156="AwsApiGatewayV2Api"
 CHECK_ALTERNATE_check7156="extra7156"
diff --git a/checks/check_extra7157 b/checks/check_extra7157
index a19324ea..ec62f4a8 100644
--- a/checks/check_extra7157
+++ b/checks/check_extra7157
@@ -13,7 +13,7 @@ CHECK_ID_extra7157="7.157"
 CHECK_TITLE_extra7157="[extra7157] Check if API Gateway V2 has configured authorizers"
 CHECK_SCORED_extra7157="NOT_SCORED"
-CHECK_TYPE_extra7157="EXTRA"
+CHECK_CIS_LEVEL_extra7157="EXTRA"
 CHECK_SEVERITY_extra7157="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7157="AwsApiGatewayV2Api"
 CHECK_ALTERNATE_check746="extra7157"
diff --git a/checks/check_extra7158 b/checks/check_extra7158
index 2ab4a885..3aaf74ec 100644
--- a/checks/check_extra7158
+++ b/checks/check_extra7158
@@ -13,7 +13,7 @@ CHECK_ID_extra7158="7.158"
 CHECK_TITLE_extra7158="[extra7158] Check if ELBV2 has listeners underneath"
 CHECK_SCORED_extra7158="NOT_SCORED"
-CHECK_TYPE_extra7158="EXTRA"
+CHECK_CIS_LEVEL_extra7158="EXTRA"
 CHECK_SEVERITY_extra7158="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7158="AwsElbv2LoadBalancer"
 CHECK_ALTERNATE_check7158="extra7158"
diff --git a/checks/check_extra7159 b/checks/check_extra7159
index a4fcbcd3..58437519 100644
--- a/checks/check_extra7159
+++ b/checks/check_extra7159
@@ -13,7 +13,7 @@ CHECK_ID_extra7159="7.159"
 CHECK_TITLE_extra7159="[extra7159] Check if ELB has listeners underneath"
 CHECK_SCORED_extra7159="NOT_SCORED"
-CHECK_TYPE_extra7159="EXTRA"
+CHECK_CIS_LEVEL_extra7159="EXTRA"
 CHECK_SEVERITY_extra7159="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra7159="AwsElbLoadBalancer"
 CHECK_ALTERNATE_check7159="extra7159"
diff --git a/checks/check_extra716 b/checks/check_extra716
index 9a307f67..08f2271d 100644
--- a/checks/check_extra716
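Review bot: `CHECK_ALTERNATE_check746="extra7157"` in the extra7157 hunk reuses the alternate name that extra746 already defines as `CHECK_ALTERNATE_check746="extra746"` (visible further down in this diff). These files appear to be plain shell variable definitions sourced into one shell, so if both are loaded the later definition wins and a request for `check746` may silently run the API Gateway V2 authorizer check instead of the REST API one, or vice versa. It looks like a copy-paste slip from extra746; every other check in this diff follows the `CHECK_ALTERNATE_check<N>="extra<N>"` pattern, so this should be `CHECK_ALTERNATE_check7157="extra7157"`.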
+++ b/checks/check_extra716
@@ -13,7 +13,7 @@ CHECK_ID_extra716="7.16"
 CHECK_TITLE_extra716="[extra716] Check if Amazon Elasticsearch Service (ES) domains are set as Public or if it has open policy access"
 CHECK_SCORED_extra716="NOT_SCORED"
-CHECK_TYPE_extra716="EXTRA"
+CHECK_CIS_LEVEL_extra716="EXTRA"
 CHECK_SEVERITY_extra716="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra716="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check716="extra716"
diff --git a/checks/check_extra717 b/checks/check_extra717
index f2f8996c..aa42a36e 100644
--- a/checks/check_extra717
+++ b/checks/check_extra717
@@ -13,7 +13,7 @@ CHECK_ID_extra717="7.17"
 CHECK_TITLE_extra717="[extra717] Check if Elastic Load Balancers have logging enabled"
 CHECK_SCORED_extra717="NOT_SCORED"
-CHECK_TYPE_extra717="EXTRA"
+CHECK_CIS_LEVEL_extra717="EXTRA"
 CHECK_SEVERITY_extra717="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra717="AwsElbLoadBalancer"
 CHECK_ALTERNATE_check717="extra717"
diff --git a/checks/check_extra718 b/checks/check_extra718
index 8e1e8020..c747e1c8 100644
--- a/checks/check_extra718
+++ b/checks/check_extra718
@@ -13,7 +13,7 @@ CHECK_ID_extra718="7.18"
 CHECK_TITLE_extra718="[extra718] Check if S3 buckets have server access logging enabled"
 CHECK_SCORED_extra718="NOT_SCORED"
-CHECK_TYPE_extra718="EXTRA"
+CHECK_CIS_LEVEL_extra718="EXTRA"
 CHECK_SEVERITY_extra718="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra718="AwsS3Bucket"
 CHECK_ALTERNATE_check718="extra718"
diff --git a/checks/check_extra719 b/checks/check_extra719
index b3435656..20ad0a80 100644
--- a/checks/check_extra719
+++ b/checks/check_extra719
@@ -13,7 +13,7 @@ CHECK_ID_extra719="7.19"
 CHECK_TITLE_extra719="[extra719] Check if Route53 public hosted zones are logging queries to CloudWatch Logs"
 CHECK_SCORED_extra719="NOT_SCORED"
-CHECK_TYPE_extra719="EXTRA"
+CHECK_CIS_LEVEL_extra719="EXTRA"
 CHECK_SEVERITY_extra719="Medium"
 CHECK_ALTERNATE_check719="extra719"
 CHECK_ASFF_RESOURCE_TYPE_extra719="AwsRoute53HostedZone"
diff --git a/checks/check_extra72 b/checks/check_extra72
index 0d088896..019bfb26 100644
--- a/checks/check_extra72
+++ b/checks/check_extra72
@@ -13,7 +13,7 @@ CHECK_ID_extra72="7.2"
 CHECK_TITLE_extra72="[extra72] Ensure there are no EBS Snapshots set as Public"
 CHECK_SCORED_extra72="NOT_SCORED"
-CHECK_TYPE_extra72="EXTRA"
+CHECK_CIS_LEVEL_extra72="EXTRA"
 CHECK_SEVERITY_extra72="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra72="AwsEc2Snapshot"
 CHECK_ALTERNATE_extra702="extra72"
diff --git a/checks/check_extra720 b/checks/check_extra720
index 06608532..7f035229 100644
--- a/checks/check_extra720
+++ b/checks/check_extra720
@@ -13,7 +13,7 @@ CHECK_ID_extra720="7.20"
 CHECK_TITLE_extra720="[extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail"
 CHECK_SCORED_extra720="NOT_SCORED"
-CHECK_TYPE_extra720="EXTRA"
+CHECK_CIS_LEVEL_extra720="EXTRA"
 CHECK_SEVERITY_extra720="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra720="AwsLambdaFunction"
 CHECK_ALTERNATE_check720="extra720"
diff --git a/checks/check_extra721 b/checks/check_extra721
index 8b2e54bf..7d63b0ee 100644
--- a/checks/check_extra721
+++ b/checks/check_extra721
@@ -13,7 +13,7 @@ CHECK_ID_extra721="7.21"
 CHECK_TITLE_extra721="[extra721] Check if Redshift cluster has audit logging enabled"
 CHECK_SCORED_extra721="NOT_SCORED"
-CHECK_TYPE_extra721="EXTRA"
+CHECK_CIS_LEVEL_extra721="EXTRA"
 CHECK_SEVERITY_extra721="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra721="AwsRedshiftCluster"
 CHECK_ALTERNATE_check721="extra721"
diff --git a/checks/check_extra722 b/checks/check_extra722
index 4db8470c..3def51c4 100644
--- a/checks/check_extra722
+++ b/checks/check_extra722
@@ -13,7 +13,7 @@ CHECK_ID_extra722="7.22"
 CHECK_TITLE_extra722="[extra722] Check if API Gateway has logging enabled"
 CHECK_SCORED_extra722="NOT_SCORED"
-CHECK_TYPE_extra722="EXTRA"
+CHECK_CIS_LEVEL_extra722="EXTRA"
 CHECK_SEVERITY_extra722="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra722="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check722="extra722"
diff --git a/checks/check_extra723 b/checks/check_extra723
index 9653b956..11a746ec 100644
--- a/checks/check_extra723
+++ b/checks/check_extra723
@@ -13,7 +13,7 @@ CHECK_ID_extra723="7.23"
 CHECK_TITLE_extra723="[extra723] Check if RDS Snapshots and Cluster Snapshots are public"
 CHECK_SCORED_extra723="NOT_SCORED"
-CHECK_TYPE_extra723="EXTRA"
+CHECK_CIS_LEVEL_extra723="EXTRA"
 CHECK_SEVERITY_extra723="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra723="AwsRdsDbSnapshot"
 CHECK_ALTERNATE_check723="extra723"
diff --git a/checks/check_extra724 b/checks/check_extra724
index e0b2497f..25ff48e6 100644
--- a/checks/check_extra724
+++ b/checks/check_extra724
@@ -13,7 +13,7 @@ CHECK_ID_extra724="7.24"
 CHECK_TITLE_extra724="[extra724] Check if ACM certificates have Certificate Transparency logging enabled"
 CHECK_SCORED_extra724="NOT_SCORED"
-CHECK_TYPE_extra724="EXTRA"
+CHECK_CIS_LEVEL_extra724="EXTRA"
 CHECK_SEVERITY_extra724="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra724="AwsCertificateManagerCertificate"
 CHECK_ALTERNATE_check724="extra724"
diff --git a/checks/check_extra725 b/checks/check_extra725
index 4100b083..3f1edcf3 100644
--- a/checks/check_extra725
+++ b/checks/check_extra725
@@ -14,7 +14,7 @@ CHECK_ID_extra725="7.25"
 CHECK_TITLE_extra725="[extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail"
 CHECK_SCORED_extra725="NOT_SCORED"
-CHECK_TYPE_extra725="EXTRA"
+CHECK_CIS_LEVEL_extra725="EXTRA"
 CHECK_SEVERITY_extra725="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra725="AwsS3Bucket"
 CHECK_ALTERNATE_check725="extra725"
diff --git a/checks/check_extra726 b/checks/check_extra726
index 76de3c84..ac61aaea 100644
--- a/checks/check_extra726
+++ b/checks/check_extra726
@@ -14,7 +14,7 @@ CHECK_ID_extra726="7.26"
 CHECK_TITLE_extra726="[extra726] Check Trusted Advisor for errors and warnings"
 CHECK_SCORED_extra726="NOT_SCORED"
-CHECK_TYPE_extra726="EXTRA"
+CHECK_CIS_LEVEL_extra726="EXTRA"
 CHECK_SEVERITY_extra726="Medium"
 CHECK_ALTERNATE_check726="extra726"
 CHECK_SERVICENAME_extra726="trustedadvisor"
diff --git a/checks/check_extra727 b/checks/check_extra727
index 797401be..e66962be 100644
--- a/checks/check_extra727
+++ b/checks/check_extra727
@@ -14,7 +14,7 @@ CHECK_ID_extra727="7.27"
 CHECK_TITLE_extra727="[extra727] Check if SQS queues have policy set as Public"
 CHECK_SCORED_extra727="NOT_SCORED"
-CHECK_TYPE_extra727="EXTRA"
+CHECK_CIS_LEVEL_extra727="EXTRA"
 CHECK_SEVERITY_extra727="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra727="AwsSqsQueue"
 CHECK_ALTERNATE_check727="extra727"
diff --git a/checks/check_extra728 b/checks/check_extra728
index f7589af1..629d6029 100644
--- a/checks/check_extra728
+++ b/checks/check_extra728
@@ -14,7 +14,7 @@ CHECK_ID_extra728="7.28"
 CHECK_TITLE_extra728="[extra728] Check if SQS queues have Server Side Encryption enabled"
 CHECK_SCORED_extra728="NOT_SCORED"
-CHECK_TYPE_extra728="EXTRA"
+CHECK_CIS_LEVEL_extra728="EXTRA"
 CHECK_SEVERITY_extra728="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra728="AwsSqsQueue"
 CHECK_ALTERNATE_check728="extra728"
diff --git a/checks/check_extra729 b/checks/check_extra729
index 743e568d..5a839e5e 100644
--- a/checks/check_extra729
+++ b/checks/check_extra729
@@ -14,7 +14,7 @@ CHECK_ID_extra729="7.29"
 CHECK_TITLE_extra729="[extra729] Ensure there are no EBS Volumes unencrypted"
 CHECK_SCORED_extra729="NOT_SCORED"
-CHECK_TYPE_extra729="EXTRA"
+CHECK_CIS_LEVEL_extra729="EXTRA"
 CHECK_SEVERITY_extra729="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra729="AwsEc2Volume"
 CHECK_ALTERNATE_check729="extra729"
diff --git a/checks/check_extra73 b/checks/check_extra73
index c2329607..6bb99f69 100644
--- a/checks/check_extra73
+++ b/checks/check_extra73
@@ -14,7 +14,7 @@ CHECK_ID_extra73="7.3"
 CHECK_TITLE_extra73="[extra73] Ensure there are no S3 buckets open to Everyone or Any AWS user"
 CHECK_SCORED_extra73="NOT_SCORED"
-CHECK_TYPE_extra73="EXTRA"
+CHECK_CIS_LEVEL_extra73="EXTRA"
 CHECK_SEVERITY_extra73="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra73="AwsS3Bucket"
 CHECK_ALTERNATE_extra703="extra73"
diff --git a/checks/check_extra730 b/checks/check_extra730
index 706922fa..ed013af9 100644
--- a/checks/check_extra730
+++ b/checks/check_extra730
@@ -16,7 +16,7 @@ DAYS_TO_EXPIRE_THRESHOLD="7"
 CHECK_ID_extra730="7.30"
 CHECK_TITLE_extra730="[extra730] Check if ACM Certificates are about to expire in $DAYS_TO_EXPIRE_THRESHOLD days or less"
 CHECK_SCORED_extra730="NOT_SCORED"
-CHECK_TYPE_extra730="EXTRA"
+CHECK_CIS_LEVEL_extra730="EXTRA"
 CHECK_SEVERITY_extra730="High"
 CHECK_ASFF_RESOURCE_TYPE_extra730="AwsCertificateManagerCertificate"
 CHECK_ALTERNATE_check730="extra730"
diff --git a/checks/check_extra731 b/checks/check_extra731
index 3a5eec01..fcda11fa 100644
--- a/checks/check_extra731
+++ b/checks/check_extra731
@@ -14,7 +14,7 @@ CHECK_ID_extra731="7.31"
 CHECK_TITLE_extra731="[extra731] Check if SNS topics have policy set as Public"
 CHECK_SCORED_extra731="NOT_SCORED"
-CHECK_TYPE_extra731="EXTRA"
+CHECK_CIS_LEVEL_extra731="EXTRA"
 CHECK_SEVERITY_extra731="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra731="AwsSnsTopic"
 CHECK_ALTERNATE_check731="extra731"
diff --git a/checks/check_extra732 b/checks/check_extra732
index 3b584d34..6cbb715d 100644
--- a/checks/check_extra732
+++ b/checks/check_extra732
@@ -14,7 +14,7 @@ CHECK_ID_extra732="7.32"
 CHECK_TITLE_extra732="[extra732] Check if Geo restrictions are enabled in CloudFront distributions"
 CHECK_SCORED_extra732="NOT_SCORED"
-CHECK_TYPE_extra732="EXTRA"
+CHECK_CIS_LEVEL_extra732="EXTRA"
 CHECK_SEVERITY_extra732="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra732="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check732="extra732"
diff --git a/checks/check_extra733 b/checks/check_extra733
index 24ea3275..4359bddb 100644
--- a/checks/check_extra733
+++ b/checks/check_extra733
@@ -14,7 +14,7 @@ CHECK_ID_extra733="7.33"
 CHECK_TITLE_extra733="[extra733] Check if there are SAML Providers then STS can be used"
 CHECK_SCORED_extra733="NOT_SCORED"
-CHECK_TYPE_extra733="EXTRA"
+CHECK_CIS_LEVEL_extra733="EXTRA"
 CHECK_SEVERITY_extra733="Low"
 CHECK_ALTERNATE_check733="extra733"
 CHECK_ASFF_COMPLIANCE_TYPE_extra733="ens-op.acc.1.aws.iam.1"
diff --git a/checks/check_extra734 b/checks/check_extra734
index 3c33ef7b..08646604 100644
--- a/checks/check_extra734
+++ b/checks/check_extra734
@@ -13,7 +13,7 @@ CHECK_ID_extra734="7.34"
 CHECK_TITLE_extra734="[extra734] Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it"
 CHECK_SCORED_extra734="NOT_SCORED"
-CHECK_TYPE_extra734="EXTRA"
+CHECK_CIS_LEVEL_extra734="EXTRA"
 CHECK_SEVERITY_extra734="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra734="AwsS3Bucket"
 CHECK_ALTERNATE_check734="extra734"
diff --git a/checks/check_extra735 b/checks/check_extra735
index 72cb30f9..0d7a88aa 100644
--- a/checks/check_extra735
+++ b/checks/check_extra735
@@ -13,7 +13,7 @@ CHECK_ID_extra735="7.35"
 CHECK_TITLE_extra735="[extra735] Check if RDS instances storage is encrypted"
 CHECK_SCORED_extra735="NOT_SCORED"
-CHECK_TYPE_extra735="EXTRA"
+CHECK_CIS_LEVEL_extra735="EXTRA"
 CHECK_SEVERITY_extra735="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra735="AwsRdsDbInstance"
 CHECK_ALTERNATE_check735="extra735"
diff --git a/checks/check_extra736 b/checks/check_extra736
index 725f5423..2fb4c4bc 100644
--- a/checks/check_extra736
+++ b/checks/check_extra736
@@ -13,7 +13,7 @@ CHECK_ID_extra736="7.36"
 CHECK_TITLE_extra736="[extra736] Check exposed KMS keys"
 CHECK_SCORED_extra736="NOT_SCORED"
-CHECK_TYPE_extra736="EXTRA"
+CHECK_CIS_LEVEL_extra736="EXTRA"
 CHECK_SEVERITY_extra736="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra736="AwsKmsKey"
 CHECK_ALTERNATE_check736="extra736"
diff --git a/checks/check_extra738 b/checks/check_extra738
index 2a637a9d..10b97118 100644
--- a/checks/check_extra738
+++ b/checks/check_extra738
@@ -13,7 +13,7 @@ CHECK_ID_extra738="7.38"
 CHECK_TITLE_extra738="[extra738] Check if CloudFront distributions are set to HTTPS"
 CHECK_SCORED_extra738="NOT_SCORED"
-CHECK_TYPE_extra738="EXTRA"
+CHECK_CIS_LEVEL_extra738="EXTRA"
 CHECK_SEVERITY_extra738="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra738="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check738="extra738"
diff --git a/checks/check_extra739 b/checks/check_extra739
index 0dea5d78..2f998df0 100644
--- a/checks/check_extra739
+++ b/checks/check_extra739
@@ -13,7 +13,7 @@ CHECK_ID_extra739="7.39"
 CHECK_TITLE_extra739="[extra739] Check if RDS instances have backup enabled"
 CHECK_SCORED_extra739="NOT_SCORED"
-CHECK_TYPE_extra739="EXTRA"
+CHECK_CIS_LEVEL_extra739="EXTRA"
 CHECK_SEVERITY_extra739="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra739="AwsRdsDbInstance"
 CHECK_ALTERNATE_check739="extra739"
diff --git a/checks/check_extra74 b/checks/check_extra74
index 7d94a6a9..2c57b776 100644
--- a/checks/check_extra74
+++ b/checks/check_extra74
@@ -13,7 +13,7 @@ CHECK_ID_extra74="7.4"
 CHECK_TITLE_extra74="[extra74] Ensure there are no Security Groups without ingress filtering being used"
 CHECK_SCORED_extra74="NOT_SCORED"
-CHECK_TYPE_extra74="EXTRA"
+CHECK_CIS_LEVEL_extra74="EXTRA"
 CHECK_SEVERITY_extra74="High"
 CHECK_ASFF_RESOURCE_TYPE_extra74="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_extra704="extra74"
diff --git a/checks/check_extra740 b/checks/check_extra740
index 7f771663..d939a305 100644
--- a/checks/check_extra740
+++ b/checks/check_extra740
@@ -13,7 +13,7 @@ CHECK_ID_extra740="7.40"
 CHECK_TITLE_extra740="[extra740] Check if EBS snapshots are encrypted"
 CHECK_SCORED_extra740="NOT_SCORED"
-CHECK_TYPE_extra740="EXTRA"
+CHECK_CIS_LEVEL_extra740="EXTRA"
 CHECK_SEVERITY_extra740="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra740="AwsEc2Snapshot"
 CHECK_ALTERNATE_check740="extra740"
diff --git a/checks/check_extra741 b/checks/check_extra741
index 3dedb4e7..8a7d87e4 100644
--- a/checks/check_extra741
+++ b/checks/check_extra741
@@ -13,7 +13,7 @@ CHECK_ID_extra741="7.41"
 CHECK_TITLE_extra741="[extra741] Find secrets in EC2 User Data"
 CHECK_SCORED_extra741="NOT_SCORED"
-CHECK_TYPE_extra741="EXTRA"
+CHECK_CIS_LEVEL_extra741="EXTRA"
 CHECK_SEVERITY_extra741="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra741="AwsEc2Instance"
 CHECK_ALTERNATE_check741="extra741"
diff --git a/checks/check_extra742 b/checks/check_extra742
index 6c78c7a9..6933c1af 100644
--- a/checks/check_extra742
+++ b/checks/check_extra742
@@ -13,7 +13,7 @@ CHECK_ID_extra742="7.42"
 CHECK_TITLE_extra742="[extra742] Find secrets in CloudFormation outputs"
 CHECK_SCORED_extra742="NOT_SCORED"
-CHECK_TYPE_extra742="EXTRA"
+CHECK_CIS_LEVEL_extra742="EXTRA"
 CHECK_SEVERITY_extra742="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra742="AwsCloudFormationStack"
 CHECK_ALTERNATE_check742="extra742"
diff --git a/checks/check_extra743 b/checks/check_extra743
index b5c365a4..b7112cf9 100644
--- a/checks/check_extra743
+++ b/checks/check_extra743
@@ -13,7 +13,7 @@ CHECK_ID_extra743="7.43"
 CHECK_TITLE_extra743="[extra743] Check if API Gateway has client certificate enabled to access your backend endpoint"
 CHECK_SCORED_extra743="NOT_SCORED"
-CHECK_TYPE_extra743="EXTRA"
+CHECK_CIS_LEVEL_extra743="EXTRA"
 CHECK_SEVERITY_extra743="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra743="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check743="extra743"
diff --git a/checks/check_extra744 b/checks/check_extra744
index 48cf6f11..a8672c94 100644
--- a/checks/check_extra744
+++ b/checks/check_extra744
@@ -13,7 +13,7 @@ CHECK_ID_extra744="7.44"
 CHECK_TITLE_extra744="[extra744] Check if API Gateway has a WAF ACL attached"
 CHECK_SCORED_extra744="NOT_SCORED"
-CHECK_TYPE_extra744="EXTRA"
+CHECK_CIS_LEVEL_extra744="EXTRA"
 CHECK_SEVERITY_extra744="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra744="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check744="extra744"
diff --git a/checks/check_extra745 b/checks/check_extra745
index 1ee49e72..37cb6b17 100644
--- a/checks/check_extra745
+++ b/checks/check_extra745
@@ -13,7 +13,7 @@ CHECK_ID_extra745="7.45"
 CHECK_TITLE_extra745="[extra745] Check if API Gateway endpoint is public or private"
 CHECK_SCORED_extra745="NOT_SCORED"
-CHECK_TYPE_extra745="EXTRA"
+CHECK_CIS_LEVEL_extra745="EXTRA"
 CHECK_SEVERITY_extra745="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra745="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check745="extra745"
diff --git a/checks/check_extra746 b/checks/check_extra746
index 638d15ef..e2ff570a 100644
--- a/checks/check_extra746
+++ b/checks/check_extra746
@@ -13,7 +13,7 @@ CHECK_ID_extra746="7.46"
 CHECK_TITLE_extra746="[extra746] Check if API Gateway has configured authorizers"
 CHECK_SCORED_extra746="NOT_SCORED"
-CHECK_TYPE_extra746="EXTRA"
+CHECK_CIS_LEVEL_extra746="EXTRA"
 CHECK_SEVERITY_extra746="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra746="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check746="extra746"
diff --git a/checks/check_extra747 b/checks/check_extra747
index 2b2ede3b..80cedad3 100644
--- a/checks/check_extra747
+++ b/checks/check_extra747
@@ -13,7 +13,7 @@ CHECK_ID_extra747="7.47"
 CHECK_TITLE_extra747="[extra747] Check if RDS instances is integrated with CloudWatch Logs"
 CHECK_SCORED_extra747="NOT_SCORED"
-CHECK_TYPE_extra747="EXTRA"
+CHECK_CIS_LEVEL_extra747="EXTRA"
 CHECK_SEVERITY_extra747="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra747="AwsRdsDbInstance"
 CHECK_ALTERNATE_check747="extra747"
diff --git a/checks/check_extra748 b/checks/check_extra748
index f46ef6c5..49c10e76 100644
--- a/checks/check_extra748
+++ b/checks/check_extra748
@@ -13,7 +13,7 @@ CHECK_ID_extra748="7.48"
 CHECK_TITLE_extra748="[extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port"
 CHECK_SCORED_extra748="NOT_SCORED"
-CHECK_TYPE_extra748="EXTRA"
+CHECK_CIS_LEVEL_extra748="EXTRA"
 CHECK_SEVERITY_extra748="High"
 CHECK_ASFF_RESOURCE_TYPE_extra748="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check748="extra748"
diff --git a/checks/check_extra749 b/checks/check_extra749
index 820d2f68..28dbaf46 100644
--- a/checks/check_extra749
+++ b/checks/check_extra749
@@ -13,7 +13,7 @@ CHECK_ID_extra749="7.49"
 CHECK_TITLE_extra749="[extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483"
 CHECK_SCORED_extra749="NOT_SCORED"
-CHECK_TYPE_extra749="EXTRA"
+CHECK_CIS_LEVEL_extra749="EXTRA"
 CHECK_SEVERITY_extra749="High"
 CHECK_ASFF_RESOURCE_TYPE_extra749="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check749="extra749"
diff --git a/checks/check_extra75 b/checks/check_extra75
index 34a05fb8..8d24a414 100644
--- a/checks/check_extra75
+++ b/checks/check_extra75
@@ -13,7 +13,7 @@ CHECK_ID_extra75="7.5"
 CHECK_TITLE_extra75="[extra75] Ensure there are no Security Groups not being used"
 CHECK_SCORED_extra75="NOT_SCORED"
-CHECK_TYPE_extra75="EXTRA"
+CHECK_CIS_LEVEL_extra75="EXTRA"
 CHECK_SEVERITY_extra75="Informational"
 CHECK_ASFF_RESOURCE_TYPE_extra75="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_extra705="extra75"
diff --git a/checks/check_extra750 b/checks/check_extra750
index 62dcf115..1f0f30c5 100644
--- a/checks/check_extra750
+++ b/checks/check_extra750
@@ -13,7 +13,7 @@ CHECK_ID_extra750="7.50"
 CHECK_TITLE_extra750="[extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306"
 CHECK_SCORED_extra750="NOT_SCORED"
-CHECK_TYPE_extra750="EXTRA"
+CHECK_CIS_LEVEL_extra750="EXTRA"
 CHECK_SEVERITY_extra750="High"
 CHECK_ASFF_RESOURCE_TYPE_extra750="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check750="extra750"
diff --git a/checks/check_extra751 b/checks/check_extra751
index c98cd4fe..2b31dd91 100644
--- a/checks/check_extra751
+++ b/checks/check_extra751
@@ -13,7 +13,7 @@ CHECK_ID_extra751="7.51"
 CHECK_TITLE_extra751="[extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432"
 CHECK_SCORED_extra751="NOT_SCORED"
-CHECK_TYPE_extra751="EXTRA"
+CHECK_CIS_LEVEL_extra751="EXTRA"
 CHECK_SEVERITY_extra751="High"
 CHECK_ASFF_RESOURCE_TYPE_extra751="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check751="extra751"
diff --git a/checks/check_extra752 b/checks/check_extra752
index 07aa549d..d60d32f2 100644
--- a/checks/check_extra752
+++ b/checks/check_extra752
@@ -13,7 +13,7 @@ CHECK_ID_extra752="7.52"
 CHECK_TITLE_extra752="[extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379"
 CHECK_SCORED_extra752="NOT_SCORED"
-CHECK_TYPE_extra752="EXTRA"
+CHECK_CIS_LEVEL_extra752="EXTRA"
 CHECK_SEVERITY_extra752="High"
 CHECK_ASFF_RESOURCE_TYPE_extra752="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check752="extra752"
diff --git a/checks/check_extra753 b/checks/check_extra753
index 34042b6e..bd11d24b 100644
--- a/checks/check_extra753
+++ b/checks/check_extra753
@@ -13,7 +13,7 @@ CHECK_ID_extra753="7.53"
 CHECK_TITLE_extra753="[extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018"
 CHECK_SCORED_extra753="NOT_SCORED"
-CHECK_TYPE_extra753="EXTRA"
+CHECK_CIS_LEVEL_extra753="EXTRA"
 CHECK_SEVERITY_extra753="High"
 CHECK_ASFF_RESOURCE_TYPE_extra753="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check753="extra753"
diff --git a/checks/check_extra754 b/checks/check_extra754
index 4277fe4f..a2252297 100644
--- a/checks/check_extra754
+++ b/checks/check_extra754
@@ -13,7 +13,7 @@ CHECK_ID_extra754="7.54"
 CHECK_TITLE_extra754="[extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888"
 CHECK_SCORED_extra754="NOT_SCORED"
-CHECK_TYPE_extra754="EXTRA"
+CHECK_CIS_LEVEL_extra754="EXTRA"
 CHECK_SEVERITY_extra754="High"
 CHECK_ASFF_RESOURCE_TYPE_extra754="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check754="extra754"
diff --git a/checks/check_extra755 b/checks/check_extra755
index 50430f1a..53ab014b 100644
--- a/checks/check_extra755
+++ b/checks/check_extra755
@@ -13,7 +13,7 @@ CHECK_ID_extra755="7.55"
 CHECK_TITLE_extra755="[extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211"
 CHECK_SCORED_extra755="NOT_SCORED"
-CHECK_TYPE_extra755="EXTRA"
+CHECK_CIS_LEVEL_extra755="EXTRA"
 CHECK_SEVERITY_extra755="High"
 CHECK_ASFF_RESOURCE_TYPE_extra755="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check755="extra755"
diff --git a/checks/check_extra757 b/checks/check_extra757
index 364caab7..dc603afe 100644
--- a/checks/check_extra757
+++ b/checks/check_extra757
@@ -13,7 +13,7 @@ CHECK_ID_extra757="7.57"
 CHECK_TITLE_extra757="[extra757] Check EC2 Instances older than 6 months"
 CHECK_SCORED_extra757="NOT_SCORED"
-CHECK_TYPE_extra757="EXTRA"
+CHECK_CIS_LEVEL_extra757="EXTRA"
 CHECK_SEVERITY_extra757="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra757="AwsEc2Instance"
 CHECK_ALTERNATE_check757="extra757"
diff --git a/checks/check_extra758 b/checks/check_extra758
index 0beabcf4..63129eb3 100644
--- a/checks/check_extra758
+++ b/checks/check_extra758
@@ -13,7 +13,7 @@ CHECK_ID_extra758="7.58"
 CHECK_TITLE_extra758="[extra758] Check EC2 Instances older than 12 months "
 CHECK_SCORED_extra758="NOT_SCORED"
-CHECK_TYPE_extra758="EXTRA"
+CHECK_CIS_LEVEL_extra758="EXTRA"
 CHECK_SEVERITY_extra758="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra758="AwsEc2Instance"
 CHECK_ALTERNATE_check758="extra758"
diff --git a/checks/check_extra759 b/checks/check_extra759
index 9bbf52ed..533f0445 100644
--- a/checks/check_extra759
+++ b/checks/check_extra759
@@ -13,7 +13,7 @@ CHECK_ID_extra759="7.59"
 CHECK_TITLE_extra759="[extra759] Find secrets in Lambda functions variables "
 CHECK_SCORED_extra759="NOT_SCORED"
-CHECK_TYPE_extra759="EXTRA"
+CHECK_CIS_LEVEL_extra759="EXTRA"
 CHECK_SEVERITY_extra759="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra759="AwsLambdaFunction"
 CHECK_ALTERNATE_check759="extra759"
diff --git a/checks/check_extra76 b/checks/check_extra76
index 9124b8cb..3a5d7e54 100644
--- a/checks/check_extra76
+++ b/checks/check_extra76
@@ -13,7 +13,7 @@ CHECK_ID_extra76="7.6"
 CHECK_TITLE_extra76="[extra76] Ensure there are no EC2 AMIs set as Public"
 CHECK_SCORED_extra76="NOT_SCORED"
-CHECK_TYPE_extra76="EXTRA"
+CHECK_CIS_LEVEL_extra76="EXTRA"
 CHECK_SEVERITY_extra76="Critical"
 CHECK_ALTERNATE_extra706="extra76"
 CHECK_ALTERNATE_check76="extra76"
diff --git a/checks/check_extra760 b/checks/check_extra760
index ca70b83f..143ab96e 100644
--- a/checks/check_extra760
+++ b/checks/check_extra760
@@ -13,7 +13,7 @@ CHECK_ID_extra760="7.60"
 CHECK_TITLE_extra760="[extra760] Find secrets in Lambda functions code "
 CHECK_SCORED_extra760="NOT_SCORED"
-CHECK_TYPE_extra760="EXTRA"
+CHECK_CIS_LEVEL_extra760="EXTRA"
 CHECK_SEVERITY_extra760="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra760="AwsLambdaFunction"
 CHECK_ALTERNATE_check760="extra760"
diff --git a/checks/check_extra761 b/checks/check_extra761
index 34ecb953..6d10e7e1 100644
--- a/checks/check_extra761
+++ b/checks/check_extra761
@@ -13,7 +13,7 @@ CHECK_ID_extra761="7.61"
 CHECK_TITLE_extra761="[extra761] Check if EBS Default Encryption is activated "
 CHECK_SCORED_extra761="NOT_SCORED"
-CHECK_TYPE_extra761="EXTRA"
+CHECK_CIS_LEVEL_extra761="EXTRA"
 CHECK_SEVERITY_extra761="Medium"
 CHECK_ALTERNATE_check761="extra761"
 CHECK_ASFF_COMPLIANCE_TYPE_extra761="ens-mp.info.3.aws.ebs.2"
diff --git a/checks/check_extra762 b/checks/check_extra762
index 2345f058..28f6c2ab 100644
--- a/checks/check_extra762
+++ b/checks/check_extra762
@@ -13,7 +13,7 @@ CHECK_ID_extra762="7.62"
 CHECK_TITLE_extra762="[extra762] Find obsolete Lambda runtimes "
 CHECK_SCORED_extra762="NOT_SCORED"
-CHECK_TYPE_extra762="EXTRA"
+CHECK_CIS_LEVEL_extra762="EXTRA"
 CHECK_SEVERITY_extra762="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra762="AwsLambdaFunction"
 CHECK_ALTERNATE_check762="extra762"
diff --git a/checks/check_extra763 b/checks/check_extra763
index d2d53e0d..765755ce 100644
--- a/checks/check_extra763
+++ b/checks/check_extra763
@@ -13,7 +13,7 @@ CHECK_ID_extra763="7.63"
 CHECK_TITLE_extra763="[extra763] Check if S3 buckets have object versioning enabled "
 CHECK_SCORED_extra763="NOT_SCORED"
-CHECK_TYPE_extra763="EXTRA"
+CHECK_CIS_LEVEL_extra763="EXTRA"
 CHECK_SEVERITY_extra763="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra763="AwsS3Bucket"
 CHECK_ALTERNATE_check763="extra763"
diff --git a/checks/check_extra764 b/checks/check_extra764
index 67a6158c..ab84e553 100644
--- a/checks/check_extra764
+++ b/checks/check_extra764
@@ -13,7 +13,7 @@ CHECK_ID_extra764="7.64"
 CHECK_TITLE_extra764="[extra764] Check if S3 buckets have secure transport policy "
 CHECK_SCORED_extra764="NOT_SCORED"
-CHECK_TYPE_extra764="EXTRA"
+CHECK_CIS_LEVEL_extra764="EXTRA"
 CHECK_SEVERITY_extra764="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra764="AwsS3Bucket"
 CHECK_ALTERNATE_check764="extra764"
diff --git a/checks/check_extra765 b/checks/check_extra765
index 38cdc508..34d417cd 100644
--- a/checks/check_extra765
+++ b/checks/check_extra765
@@ -23,7 +23,7 @@ CHECK_ID_extra765="7.65"
 CHECK_TITLE_extra765="[extra765] Check if ECR image scan on push is enabled "
 CHECK_SCORED_extra765="NOT_SCORED"
-CHECK_TYPE_extra765="EXTRA"
+CHECK_CIS_LEVEL_extra765="EXTRA"
 CHECK_SEVERITY_extra765="Medium"
 CHECK_ALTERNATE_check765="extra765"
 CHECK_SERVICENAME_extra765="ecr"
diff --git a/checks/check_extra767 b/checks/check_extra767
index 7bff69fd..1b7d76d5 100644
--- a/checks/check_extra767
+++ b/checks/check_extra767
@@ -13,7 +13,7 @@ CHECK_ID_extra767="7.67"
 CHECK_TITLE_extra767="[extra767] Check if CloudFront distributions have Field Level Encryption enabled "
 CHECK_SCORED_extra767="NOT_SCORED"
-CHECK_TYPE_extra767="EXTRA"
+CHECK_CIS_LEVEL_extra767="EXTRA"
 CHECK_SEVERITY_extra767="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra767="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check767="extra767"
diff --git a/checks/check_extra768 b/checks/check_extra768
index c21e8114..5e59c7b8 100644
--- a/checks/check_extra768
+++ b/checks/check_extra768
@@ -13,7 +13,7 @@ CHECK_ID_extra768="7.68"
 CHECK_TITLE_extra768="[extra768] Find secrets in ECS task definitions environment variables "
 CHECK_SCORED_extra768="NOT_SCORED"
-CHECK_TYPE_extra768="EXTRA"
+CHECK_CIS_LEVEL_extra768="EXTRA"
 CHECK_SEVERITY_extra768="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra768="AwsEcsTaskDefinition"
 CHECK_ALTERNATE_check768="extra768"
diff --git a/checks/check_extra769 b/checks/check_extra769
index 00e34e00..6127c646 100644
--- a/checks/check_extra769
+++ b/checks/check_extra769
@@ -14,7 +14,7 @@ CHECK_ID_extra769="7.69"
 CHECK_TITLE_extra769="[extra769] Check if IAM Access Analyzer is enabled and its findings "
 CHECK_SCORED_extra769="NOT_SCORED"
-CHECK_TYPE_extra769="EXTRA"
+CHECK_CIS_LEVEL_extra769="EXTRA"
 CHECK_SEVERITY_extra769="High"
 CHECK_ALTERNATE_check769="extra769"
 CHECK_SERVICENAME_extra769="accessanalyzer"
diff --git a/checks/check_extra77 b/checks/check_extra77
index d3cc4a50..fcbbd977 100644
--- a/checks/check_extra77
+++ b/checks/check_extra77
@@ -14,7 +14,7 @@ CHECK_ID_extra77="7.7"
 CHECK_TITLE_extra77="[extra77] Ensure there are no ECR repositories set as Public"
 CHECK_SCORED_extra77="NOT_SCORED"
-CHECK_TYPE_extra77="EXTRA"
+CHECK_CIS_LEVEL_extra77="EXTRA"
 CHECK_SEVERITY_extra77="Critical"
 CHECK_ALTERNATE_extra707="extra77"
 CHECK_ALTERNATE_check77="extra77"
diff --git a/checks/check_extra770 b/checks/check_extra770
index c1e9694b..e2c3abf7 100644
--- a/checks/check_extra770
+++ b/checks/check_extra770
@@ -13,7 +13,7 @@ CHECK_ID_extra770="7.70"
 CHECK_TITLE_extra770="[extra770] Check for internet facing EC2 instances with Instance Profiles attached "
 CHECK_SCORED_extra770="NOT_SCORED"
-CHECK_TYPE_extra770="EXTRA"
+CHECK_CIS_LEVEL_extra770="EXTRA"
 CHECK_SEVERITY_extra770="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra770="AwsEc2Instance"
 CHECK_ALTERNATE_check770="extra770"
diff --git a/checks/check_extra771 b/checks/check_extra771
index a2236c00..243d6441 100644
--- a/checks/check_extra771
+++ b/checks/check_extra771
@@ -13,7 +13,7 @@ CHECK_ID_extra771="7.71"
 CHECK_TITLE_extra771="[extra771] Check if S3 buckets have policies which allow WRITE access "
 CHECK_SCORED_extra771="NOT_SCORED"
-CHECK_TYPE_extra771="EXTRA"
+CHECK_CIS_LEVEL_extra771="EXTRA"
 CHECK_SEVERITY_extra771="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra771="AwsS3Bucket"
 CHECK_ALTERNATE_check771="extra771"
diff --git a/checks/check_extra772 b/checks/check_extra772
index 93b36041..c56a7c32 100644
--- a/checks/check_extra772
+++ b/checks/check_extra772
@@ -13,7 +13,7 @@ CHECK_ID_extra772="7.72"
 CHECK_TITLE_extra772="[extra772] Check if elastic IPs are unused "
 CHECK_SCORED_extra772="NOT_SCORED"
-CHECK_TYPE_extra772="EXTRA"
+CHECK_CIS_LEVEL_extra772="EXTRA"
 CHECK_SEVERITY_extra772="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra772="AwsEc2Eip"
 CHECK_ALTERNATE_check772="extra772"
diff --git a/checks/check_extra773 b/checks/check_extra773
index 7c168fcd..12f0ccdf 100644
--- a/checks/check_extra773
+++ b/checks/check_extra773
@@ -13,7 +13,7 @@ CHECK_ID_extra773="7.73"
 CHECK_TITLE_extra773="[extra773] Check if CloudFront distributions are using WAF "
 CHECK_SCORED_extra773="NOT_SCORED"
-CHECK_TYPE_extra773="EXTRA"
+CHECK_CIS_LEVEL_extra773="EXTRA"
 CHECK_SEVERITY_extra773="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra773="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check773="extra773"
diff --git a/checks/check_extra774 b/checks/check_extra774
index 4fce1afe..9bdc83da 100644
--- a/checks/check_extra774
+++ b/checks/check_extra774
@@ -13,7 +13,7 @@
 CHECK_ID_extra774="7.74"
 CHECK_TITLE_extra774="[extra774] Ensure credentials unused for 30 days or greater are disabled"
 CHECK_SCORED_extra774="NOT_SCORED"
-CHECK_TYPE_extra774="EXTRA"
+CHECK_CIS_LEVEL_extra774="EXTRA"
 CHECK_SEVERITY_extra774="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra774="AwsIamUser"
 CHECK_ALTERNATE_check774="extra774"
diff --git a/checks/check_extra775 b/checks/check_extra775
index 96d0d3b4..bc47823f 100644
--- a/checks/check_extra775
+++ b/checks/check_extra775
@@ -13,7 +13,7 @@
 CHECK_ID_extra775="7.75"
 CHECK_TITLE_extra775="[extra775] Find secrets in EC2 Auto Scaling Launch Configuration "
 CHECK_SCORED_extra775="NOT_SCORED"
-CHECK_TYPE_extra775="EXTRA"
+CHECK_CIS_LEVEL_extra775="EXTRA"
 CHECK_SEVERITY_extra775="Critical"
 CHECK_ALTERNATE_check775="extra775"
 CHECK_SERVICENAME_extra775="autoscaling"
diff --git a/checks/check_extra776 b/checks/check_extra776
index f234bb0b..97e9b7b1 100644
--- a/checks/check_extra776
+++ b/checks/check_extra776
@@ -28,7 +28,7 @@
 CHECK_ID_extra776="7.76"
 CHECK_TITLE_extra776="[extra776] Check if ECR image scan found vulnerabilities in the newest image version "
 CHECK_SCORED_extra776="NOT_SCORED"
-CHECK_TYPE_extra776="EXTRA"
+CHECK_CIS_LEVEL_extra776="EXTRA"
 CHECK_SEVERITY_extra776="Medium"
 CHECK_ALTERNATE_check776="extra776"
 CHECK_SERVICENAME_extra776="ecr"
diff --git a/checks/check_extra777 b/checks/check_extra777
index f79d907e..4cfc026a 100644
--- a/checks/check_extra777
+++ b/checks/check_extra777
@@ -17,7 +17,7 @@
 CHECK_ID_extra777="7.77"
 CHECK_TITLE_extra777="[extra777] Find VPC security groups with many ingress or egress rules "
 CHECK_SCORED_extra777="NOT_SCORED"
-CHECK_TYPE_extra777="EXTRA"
+CHECK_CIS_LEVEL_extra777="EXTRA"
 CHECK_SEVERITY_extra777="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra777="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check777="extra777"
diff --git a/checks/check_extra778 b/checks/check_extra778
index 63cb12cd..0966ee74 100644
--- a/checks/check_extra778
+++ b/checks/check_extra778
@@ -14,7 +14,7 @@
 CHECK_ID_extra778="7.78"
 CHECK_TITLE_extra778="[extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918) "
 CHECK_SCORED_extra778="NOT_SCORED"
-CHECK_TYPE_extra778="EXTRA"
+CHECK_CIS_LEVEL_extra778="EXTRA"
 CHECK_SEVERITY_extra778="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra778="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check778="extra778"
diff --git a/checks/check_extra779 b/checks/check_extra779
index 79e0bf2c..ccb95abe 100644
--- a/checks/check_extra779
+++ b/checks/check_extra779
@@ -13,7 +13,7 @@
 CHECK_ID_extra779="7.79"
 CHECK_TITLE_extra779="[extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports"
 CHECK_SCORED_extra779="NOT_SCORED"
-CHECK_TYPE_extra779="EXTRA"
+CHECK_CIS_LEVEL_extra779="EXTRA"
 CHECK_SEVERITY_extra779="High"
 CHECK_ASFF_RESOURCE_TYPE_extra779="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check779="extra779"
diff --git a/checks/check_extra78 b/checks/check_extra78
index bdabda6d..ce5e34ef 100644
--- a/checks/check_extra78
+++ b/checks/check_extra78
@@ -13,7 +13,7 @@
 CHECK_ID_extra78="7.8"
 CHECK_TITLE_extra78="[extra78] Ensure there are no Public Accessible RDS instances"
 CHECK_SCORED_extra78="NOT_SCORED"
-CHECK_TYPE_extra78="EXTRA"
+CHECK_CIS_LEVEL_extra78="EXTRA"
 CHECK_SEVERITY_extra78="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra78="AwsRdsDbInstance"
 CHECK_ALTERNATE_extra708="extra78"
diff --git a/checks/check_extra780 b/checks/check_extra780
index a2402595..d835d626 100644
--- a/checks/check_extra780
+++ b/checks/check_extra780
@@ -13,7 +13,7 @@
 CHECK_ID_extra780="7.80"
 CHECK_TITLE_extra780="[extra780] Check if Amazon Elasticsearch Service (ES) domains has Amazon Cognito authentication for Kibana enabled"
 CHECK_SCORED_extra780="NOT_SCORED"
-CHECK_TYPE_extra780="EXTRA"
+CHECK_CIS_LEVEL_extra780="EXTRA"
 CHECK_SEVERITY_extra780="High"
 CHECK_ASFF_RESOURCE_TYPE_extra780="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check780="extra780"
diff --git a/checks/check_extra781 b/checks/check_extra781
index 69fe516f..38a4899a 100644
--- a/checks/check_extra781
+++ b/checks/check_extra781
@@ -13,7 +13,7 @@
 CHECK_ID_extra781="7.81"
 CHECK_TITLE_extra781="[extra781] Check if Amazon Elasticsearch Service (ES) domains has encryption at-rest enabled"
 CHECK_SCORED_extra781="NOT_SCORED"
-CHECK_TYPE_extra781="EXTRA"
+CHECK_CIS_LEVEL_extra781="EXTRA"
 CHECK_SEVERITY_extra781="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra781="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check781="extra781"
diff --git a/checks/check_extra782 b/checks/check_extra782
index 5ec70206..f6babb04 100644
--- a/checks/check_extra782
+++ b/checks/check_extra782
@@ -13,7 +13,7 @@
 CHECK_ID_extra782="7.82"
 CHECK_TITLE_extra782="[extra782] Check if Amazon Elasticsearch Service (ES) domains has node-to-node encryption enabled"
 CHECK_SCORED_extra782="NOT_SCORED"
-CHECK_TYPE_extra782="EXTRA"
+CHECK_CIS_LEVEL_extra782="EXTRA"
 CHECK_SEVERITY_extra782="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra782="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check782="extra782"
diff --git a/checks/check_extra783 b/checks/check_extra783
index 612e59ff..ec8005e2 100644
--- a/checks/check_extra783
+++ b/checks/check_extra783
@@ -13,7 +13,7 @@
 CHECK_ID_extra783="7.83"
 CHECK_TITLE_extra783="[extra783] Check if Amazon Elasticsearch Service (ES) domains has enforce HTTPS enabled"
 CHECK_SCORED_extra783="NOT_SCORED"
-CHECK_TYPE_extra783="EXTRA"
+CHECK_CIS_LEVEL_extra783="EXTRA"
 CHECK_SEVERITY_extra783="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra783="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check783="extra783"
diff --git a/checks/check_extra784 b/checks/check_extra784
index 351a1e3e..3a200968 100644
--- a/checks/check_extra784
+++ b/checks/check_extra784
@@ -13,7 +13,7 @@
 CHECK_ID_extra784="7.84"
 CHECK_TITLE_extra784="[extra784] Check if Amazon Elasticsearch Service (ES) domains internal user database enabled"
 CHECK_SCORED_extra784="NOT_SCORED"
-CHECK_TYPE_extra784="EXTRA"
+CHECK_CIS_LEVEL_extra784="EXTRA"
 CHECK_SEVERITY_extra784="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra784="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check784="extra784"
diff --git a/checks/check_extra785 b/checks/check_extra785
index 62139103..e47e0a6f 100644
--- a/checks/check_extra785
+++ b/checks/check_extra785
@@ -13,7 +13,7 @@
 CHECK_ID_extra785="7.85"
 CHECK_TITLE_extra785="[extra785] Check if Amazon Elasticsearch Service (ES) domains have updates available"
 CHECK_SCORED_extra785="NOT_SCORED"
-CHECK_TYPE_extra785="EXTRA"
+CHECK_CIS_LEVEL_extra785="EXTRA"
 CHECK_SEVERITY_extra785="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra785="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check785="extra785"
diff --git a/checks/check_extra786 b/checks/check_extra786
index 87a33ecf..11643e4a 100644
--- a/checks/check_extra786
+++ b/checks/check_extra786
@@ -13,7 +13,7 @@
 CHECK_ID_extra786="7.86"
 CHECK_TITLE_extra786="[extra786] Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required "
 CHECK_SCORED_extra786="NOT_SCORED"
-CHECK_TYPE_extra786="EXTRA"
+CHECK_CIS_LEVEL_extra786="EXTRA"
 CHECK_SEVERITY_extra786="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra786="AwsEc2Instance"
 CHECK_ALTERNATE_check786="extra786"
diff --git a/checks/check_extra787 b/checks/check_extra787
index a8aeaf51..ef61f44f 100644
--- a/checks/check_extra787
+++ b/checks/check_extra787
@@ -13,7 +13,7 @@
 CHECK_ID_extra787="7.87"
 CHECK_TITLE_extra787="[extra787] Check connection and authentication for Internet exposed Elasticsearch/Kibana ports"
 CHECK_SCORED_extra787="NOT_SCORED"
-CHECK_TYPE_extra787="EXTRA"
+CHECK_CIS_LEVEL_extra787="EXTRA"
 CHECK_SEVERITY_extra787="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra787="AwsEc2Instance"
 CHECK_ALTERNATE_check787="extra787"
diff --git a/checks/check_extra788 b/checks/check_extra788
index 8d0655c1..b407ccac 100644
--- a/checks/check_extra788
+++ b/checks/check_extra788
@@ -13,7 +13,7 @@
 CHECK_ID_extra788="7.88"
 CHECK_TITLE_extra788="[extra788] Check connection and authentication for Internet exposed Amazon Elasticsearch Service (ES) domains"
 CHECK_SCORED_extra788="NOT_SCORED"
-CHECK_TYPE_extra788="EXTRA"
+CHECK_CIS_LEVEL_extra788="EXTRA"
 CHECK_SEVERITY_extra788="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra788="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check788="extra788"
diff --git a/checks/check_extra789 b/checks/check_extra789
index ed014307..66fe6250 100644
--- a/checks/check_extra789
+++ b/checks/check_extra789
@@ -14,7 +14,7 @@
 CHECK_ID_extra789="7.89"
 CHECK_TITLE_extra789="[extra789] Find trust boundaries in VPC endpoint services connections"
 CHECK_SCORED_extra789="NOT_SCORED"
-CHECK_TYPE_extra789="EXTRA"
+CHECK_CIS_LEVEL_extra789="EXTRA"
 CHECK_SEVERITY_extra789="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra789="AwsEc2Vpc"
 CHECK_ALTERNATE_extra789="extra789"
diff --git a/checks/check_extra79 b/checks/check_extra79
index ffad816f..894dd0f9 100644
--- a/checks/check_extra79
+++ b/checks/check_extra79
@@ -13,7 +13,7 @@
 CHECK_ID_extra79="7.9"
 CHECK_TITLE_extra79="[extra79] Check for internet facing Elastic Load Balancers"
 CHECK_SCORED_extra79="NOT_SCORED"
-CHECK_TYPE_extra79="EXTRA"
+CHECK_CIS_LEVEL_extra79="EXTRA"
 CHECK_SEVERITY_extra79="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra79="AwsElbLoadBalancer"
 CHECK_ALTERNATE_extra709="extra79"
diff --git a/checks/check_extra790 b/checks/check_extra790
index e31f73cc..f2680c78 100644
--- a/checks/check_extra790
+++ b/checks/check_extra790
@@ -14,7 +14,7 @@
 CHECK_ID_extra790="7.90"
 CHECK_TITLE_extra790="[extra790] Find trust boundaries in VPC endpoint services whitelisted principles"
 CHECK_SCORED_extra790="NOT_SCORED"
-CHECK_TYPE_extra790="EXTRA"
+CHECK_CIS_LEVEL_extra790="EXTRA"
 CHECK_SEVERITY_extra790="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra790="AwsEc2Vpc"
 CHECK_ALTERNATE_extra790="extra790"
diff --git a/checks/check_extra791 b/checks/check_extra791
index 99ccac1a..22f1ee83 100644
--- a/checks/check_extra791
+++ b/checks/check_extra791
@@ -13,7 +13,7 @@
 CHECK_ID_extra791="7.91"
 CHECK_TITLE_extra791="[extra791] Check if CloudFront distributions are using deprecated SSL protocols"
 CHECK_SCORED_extra791="NOT_SCORED"
-CHECK_TYPE_extra791="EXTRA"
+CHECK_CIS_LEVEL_extra791="EXTRA"
 CHECK_SEVERITY_extra791="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra791="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check791="extra791"
diff --git a/checks/check_extra792 b/checks/check_extra792
index c9906104..04b36bf3 100644
--- a/checks/check_extra792
+++ b/checks/check_extra792
@@ -13,7 +13,7 @@
 CHECK_ID_extra792="7.92"
 CHECK_TITLE_extra792="[extra792] Check if Elastic Load Balancers have insecure SSL ciphers "
 CHECK_SCORED_extra792="NOT_SCORED"
-CHECK_TYPE_extra792="EXTRA"
+CHECK_CIS_LEVEL_extra792="EXTRA"
 CHECK_SEVERITY_extra792="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra792="AwsElbLoadBalancer"
 CHECK_ALTERNATE_check792="extra792"
diff --git a/checks/check_extra793 b/checks/check_extra793
index 42b3bf36..413a8a47 100644
--- a/checks/check_extra793
+++ b/checks/check_extra793
@@ -13,7 +13,7 @@
 CHECK_ID_extra793="7.93"
 CHECK_TITLE_extra793="[extra793] Check if Elastic Load Balancers have SSL listeners "
 CHECK_SCORED_extra793="NOT_SCORED"
-CHECK_TYPE_extra793="EXTRA"
+CHECK_CIS_LEVEL_extra793="EXTRA"
 CHECK_SEVERITY_extra793="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra793="AwsElbLoadBalancer"
 CHECK_ALTERNATE_check793="extra793"
diff --git a/checks/check_extra794 b/checks/check_extra794
index 347e4809..ef6f2aee 100644
--- a/checks/check_extra794
+++ b/checks/check_extra794
@@ -13,7 +13,7 @@
 CHECK_ID_extra794="7.94"
 CHECK_TITLE_extra794="[extra794] Ensure EKS Control Plane Audit Logging is enabled for all log types"
 CHECK_SCORED_extra794="NOT_SCORED"
-CHECK_TYPE_extra794="EXTRA"
+CHECK_CIS_LEVEL_extra794="EXTRA"
 CHECK_SEVERITY_extra794="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra794="AwsEksCluster"
 CHECK_ALTERNATE_check794="extra794"
diff --git a/checks/check_extra795 b/checks/check_extra795
index d28e0f4e..d71370e0 100644
--- a/checks/check_extra795
+++ b/checks/check_extra795
@@ -13,7 +13,7 @@
 CHECK_ID_extra795="7.95"
 CHECK_TITLE_extra795="[extra795] Ensure EKS Clusters are created with Private Endpoint Enabled and Public Access Disabled"
 CHECK_SCORED_extra795="NOT_SCORED"
-CHECK_TYPE_extra795="EXTRA"
+CHECK_CIS_LEVEL_extra795="EXTRA"
 CHECK_SEVERITY_extra795="High"
 CHECK_ASFF_RESOURCE_TYPE_extra795="AwsEksCluster"
 CHECK_ALTERNATE_check795="extra795"
diff --git a/checks/check_extra796 b/checks/check_extra796
index 5351d4e8..34789c74 100644
--- a/checks/check_extra796
+++ b/checks/check_extra796
@@ -13,7 +13,7 @@
 CHECK_ID_extra796="7.96"
 CHECK_TITLE_extra796="[extra796] Restrict Access to the EKS Control Plane Endpoint"
 CHECK_SCORED_extra796="NOT_SCORED"
-CHECK_TYPE_extra796="EXTRA"
+CHECK_CIS_LEVEL_extra796="EXTRA"
 CHECK_SEVERITY_extra796="High"
 CHECK_ASFF_RESOURCE_TYPE_extra796="AwsEksCluster"
 CHECK_ALTERNATE_check796="extra796"
diff --git a/checks/check_extra797 b/checks/check_extra797
index 7576292b..473c5376 100644
--- a/checks/check_extra797
+++ b/checks/check_extra797
@@ -13,7 +13,7 @@
 CHECK_ID_extra797="7.97"
 CHECK_TITLE_extra797="[extra797] Ensure Kubernetes Secrets are encrypted using Customer Master Keys (CMKs)"
 CHECK_SCORED_extra797="NOT_SCORED"
-CHECK_TYPE_extra797="EXTRA"
+CHECK_CIS_LEVEL_extra797="EXTRA"
 CHECK_SEVERITY_extra797="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra797="AwsEksCluster"
 CHECK_ALTERNATE_check797="extra797"
diff --git a/checks/check_extra798 b/checks/check_extra798
index d14799f1..1d8e00ef 100644
--- a/checks/check_extra798
+++ b/checks/check_extra798
@@ -14,7 +14,7 @@
 CHECK_ID_extra798="7.98"
 CHECK_TITLE_extra798="[extra798] Check if Lambda functions have resource-based policy set as Public"
 CHECK_SCORED_extra798="NOT_SCORED"
-CHECK_TYPE_extra798="EXTRA"
+CHECK_CIS_LEVEL_extra798="EXTRA"
 CHECK_SEVERITY_extra798="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra798="AwsLambdaFunction"
 CHECK_ALTERNATE_check798="extra798"
diff --git a/checks/check_extra799 b/checks/check_extra799
index c028df95..b96f062a 100644
--- a/checks/check_extra799
+++ b/checks/check_extra799
@@ -14,7 +14,7 @@
 CHECK_ID_extra799="7.99"
 CHECK_TITLE_extra799="[extra799] Check if Security Hub is enabled and its standard subscriptions"
 CHECK_SCORED_extra799="NOT_SCORED"
-CHECK_TYPE_extra799="EXTRA"
+CHECK_CIS_LEVEL_extra799="EXTRA"
 CHECK_SEVERITY_extra799="High"
 CHECK_ASFF_RESOURCE_TYPE_extra799="AwsSecurityHubHub"
 CHECK_ALTERNATE_check799="extra799"
diff --git a/checks/check_sample b/checks/check_sample
index 2b16c752..b7b284bf 100644
--- a/checks/check_sample
+++ b/checks/check_sample
@@ -27,7 +27,7 @@
 # CHECK_ID_checkN="N.N"
 # CHECK_TITLE_checkN="[checkN] Description "
 # CHECK_SCORED_checkN="NOT_SCORED"
-# CHECK_TYPE_checkN="EXTRA"
+# CHECK_CIS_LEVEL_checkN="EXTRA"
 # CHECK_SEVERITY_check="Medium"
 # CHECK_ASFF_RESOURCE_TYPE_checkN="AwsAccount" # Choose appropriate value from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html#asff-resources
 # CHECK_ALTERNATE_checkN="extraN"
diff --git a/include/html_report b/include/html_report
index c1097470..cf7218a6 100644
--- a/include/html_report
+++ b/include/html_report
@@ -137,6 +137,7 @@ addHtmlHeader() {
 CheckID
 Check Title
 Check Output
+ CIS Level
 CAF Epic
 Risk
 Remediation
diff --git a/include/outputs b/include/outputs
index c02e073f..5fe49fee 100644
--- a/include/outputs
+++ b/include/outputs
@@ -50,7 +50,7 @@ PROWLER_PARAMETERS=$@
 # $TITLE_ID Numeric identifier of each check (1.2, 2.3, etc), originally based on CIS checks.
 # $CHECK_RESULT values can be PASS, FAIL, INFO or WARNING if whitelisted
 # $ITEM_SCORED corresponds to CHECK_SCORED, values can be Scored/Not Scored. This is CIS only, will be deprecated in Prowler.
-# $ITEM_LEVEL corresponds to CHECK_TYPE_ currently only for CIS Level 1, CIS Level 2 and Extras (all checks not part of CIS)
+# $ITEM_CIS_LEVEL corresponds to CHECK_TYPE_ currently only for CIS Level 1, CIS Level 2 and Extras (all checks not part of CIS)
 # $TITLE_TEXT corresponds to CHECK_TITLE_ shows title of each check
 # $CHECK_RESULT_EXTENDED shows response of each check per resource like sg-123438 is open!
 # $CHECK_ASFF_COMPLIANCE_TYPE specify type from taxonomy https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html
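Review bot: The updated comment still says `$ITEM_CIS_LEVEL corresponds to CHECK_TYPE_`, but this commit renames that per-check variable to `CHECK_CIS_LEVEL_` in every check file, so the new line points at a name that no longer exists. Suggest `# $ITEM_CIS_LEVEL corresponds to CHECK_CIS_LEVEL_ currently only for CIS Level 1, CIS Level 2 and Extras (all checks not part of CIS)`. The textTitle hunk further down also maps the raw values to `CIS Level 1`/`CIS Level 2`/`Extra`/`Support`, which this comment could state since these are the strings that end up in the CSV/JSON/HTML outputs.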
@@ -100,7 +100,7 @@ textPass(){
 REPREGION=$REGION
 fi
 if [[ "${MODES[@]}" =~ "csv" ]]; then
- echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID${SEP}$PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+ echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_CIS_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID${SEP}$PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
 fi
 if [[ "${MODES[@]}" =~ "json" ]]; then
 generateJsonOutput "$1" "Pass" "$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.$EXTENSION_JSON
@@ -142,7 +142,7 @@ textInfo(){
 REPREGION=$REGION
 fi
 if [[ "${MODES[@]}" =~ "csv" ]]; then
- echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID${SEP}$PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
+ echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_CIS_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID${SEP}$PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV
 fi
 if [[ "${MODES[@]}" =~ "json" ]]; then
 generateJsonOutput "$1" "Info" "$CHECK_RESOURCE_ID" >> ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
@@ -203,7 +203,7 @@ textFail(){ fi if [[ "${MODES[@]}" =~ "csv" ]]; then - echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID${SEP}$PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV + echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}$CHECK_RESULT${SEP}$ITEM_SCORED${SEP}$ITEM_CIS_LEVEL${SEP}$TITLE_TEXT${SEP}$CHECK_RESULT_EXTENDED${SEP}$CHECK_ASFF_COMPLIANCE_TYPE${SEP}$CHECK_SEVERITY${SEP}$CHECK_SERVICENAME${SEP}$CHECK_ASFF_RESOURCE_TYPE${SEP}$CHECK_ASFF_TYPE${SEP}$CHECK_RISK${SEP}$CHECK_REMEDIATION${SEP}$CHECK_DOC${SEP}$CHECK_CAF_EPIC${SEP}$CHECK_RESOURCE_ID${SEP}$PROWLER_START_TIME" >> ${OUTPUT_FILE_NAME}.$EXTENSION_CSV fi if [[ "${MODES[@]}" =~ "json" ]]; then generateJsonOutput "$1" "${level}" "$CHECK_RESOURCE_ID">> ${OUTPUT_FILE_NAME}.${EXTENSION_JSON} @@ -245,25 +245,13 @@ textTitle(){ local CHECK_SERVICENAME="$MAGENTA$3$NORMAL" local CHECK_SEVERITY="$BROWN[$4]$NORMAL" - # case "$3" in - # 0|No|NOT_SCORED) - # ITEM_SCORED="Not Scored" - # ;; - # 1|Yes|SCORED) - # ITEM_SCORED="Scored" - # ;; - # *) - # ITEM_SCORED="Unspecified" - # ;; - # esac - - # case "$4" in - # LEVEL1) ITEM_LEVEL="Level 1";; - # LEVEL2) ITEM_LEVEL="Level 2";; - # EXTRA) ITEM_LEVEL="Extra";; - # SUPPORT) ITEM_LEVEL="Support";; - # *) ITEM_LEVEL="Unspecified or Invalid";; - # esac + case "$6" in + LEVEL1) ITEM_CIS_LEVEL="CIS Level 1";; + LEVEL2) ITEM_CIS_LEVEL="CIS Level 2";; + EXTRA) ITEM_CIS_LEVEL="Extra";; + SUPPORT) ITEM_CIS_LEVEL="Support";; + *) ITEM_CIS_LEVEL="Unspecified or Invalid";; + esac local group_ids # if [[ -n "$4" ]]; then 
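Review bot: The new `case "$6"` in textTitle only receives the CIS level from one of its two callers: in the `prowler` hunk at the end of this page the non-ens branch appends `"${!check_cis_level}"` as `$6`, but the ens branch passes it as `$4` and sends `"(${!check_asff_compliance_type})"` as `$6`, so with the ens group every row lands in the `*)` arm and is reported as `Unspecified or Invalid` in the CSV, JSON and HTML outputs. Either pass the level in the same position at both call sites or have textTitle read it from whichever argument the ens branch actually sends. `ITEM_CIS_LEVEL` is also assigned without `local` while the neighbouring `CHECK_SERVICENAME`/`CHECK_SEVERITY` are `local`; that is required because textPass/textInfo/textFail and generateJsonOutput read it, so a line such as `# ITEM_CIS_LEVEL is intentionally global: consumed by textPass/textInfo/textFail and generateJsonOutput` above the case would stop the next reader from "fixing" it. textTitle's body continues outside the hunk.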
@@ -296,7 +284,7 @@ generateJsonOutput(){
 --arg STATUS "$status" \
 --arg SEVERITY "$(echo $CHECK_SEVERITY | sed 's/[][]//g')" \
 --arg SCORED "$ITEM_SCORED" \
- --arg ITEM_LEVEL "$ITEM_LEVEL" \
+ --arg ITEM_CIS_LEVEL "$ITEM_CIS_LEVEL" \
 --arg TITLE_ID "$TITLE_ID" \
 --arg REPREGION "$REPREGION" \
 --arg TYPE "$CHECK_ASFF_COMPLIANCE_TYPE" \
@@ -315,7 +303,7 @@ generateJsonOutput(){
 "Severity": $SEVERITY,
 "Status": $STATUS,
 "Scored": $SCORED,
- "Level": $ITEM_LEVEL,
+ "Level": $ITEM_CIS_LEVEL,
 "Control ID": $TITLE_ID,
 "Region": $REPREGION,
 "Timestamp": $TIMESTAMP,
@@ -430,6 +418,7 @@ generateHtmlOutput(){
 echo ' '$TITLE_ID'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
 echo ' '$TITLE_TEXT'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
 echo ' '$message'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
+ echo ' '$ITEM_CIS_LEVEL'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
 echo ' '$CHECK_CAF_EPIC'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
 echo '

'$CHECK_RISK'

' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML echo '

'$CHECK_REMEDIATION'

' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML diff --git a/prowler b/prowler index 9202d3ea..94a74db9 100755 --- a/prowler +++ b/prowler @@ -352,7 +352,7 @@ show_check_title() { local check_id=CHECK_ID_$1 local check_title=CHECK_TITLE_$1 local check_scored=CHECK_SCORED_$1 - local check_type=CHECK_TYPE_$1 + local check_cis_level=CHECK_CIS_LEVEL_$1 local check_asff_compliance_type=CHECK_ASFF_COMPLIANCE_TYPE_$1 local check_severity=CHECK_SEVERITY_$1 local check_servicename=CHECK_SERVICENAME_$1 @@ -375,9 +375,9 @@ show_check_title() { fi # This shows ASFF_COMPLIANCE_TYPE if group used is ens, this si used to show ENS compliance ID control, can be used for other compliance groups as well. if [[ ${GROUP_ID_READ} == "ens" ]];then - textTitle "${!check_id}" "${!check_title}" "${!check_scored}" "${!check_type}" "$group_ids" "(${!check_asff_compliance_type})" + textTitle "${!check_id}" "${!check_title}" "${!check_scored}" "${!check_cis_level}" "$group_ids" "(${!check_asff_compliance_type})" else - textTitle "${!check_id}" "${!check_title}" "${!check_servicename}" "${!check_severity}" "$group_ids" + textTitle "${!check_id}" "${!check_title}" "${!check_servicename}" "${!check_severity}" "$group_ids" "${!check_cis_level}" fi }