severity+security_hub

checks/check11

@@ -12,6 +12,7 @@ CHECK_ID_check11="1.1"
 CHECK_TITLE_check11="[check11] Avoid the use of the root account (Scored)"
 CHECK_SCORED_check11="SCORED"
 CHECK_TYPE_check11="LEVEL1"
+CHECK_SEVERITY_check11="High"
 CHECK_ASFF_TYPE_check11="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check101="check11"
 

checks/check110

@@ -12,6 +12,7 @@ CHECK_ID_check110="1.10"
 CHECK_TITLE_check110="[check110] Ensure IAM password policy prevents password reuse: 24 or greater (Scored)"
 CHECK_SCORED_check110="SCORED"
 CHECK_TYPE_check110="LEVEL1"
+CHECK_SEVERITY_check110="Medium"
 CHECK_ASFF_TYPE_check110="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check110="check110"
 

checks/check111

@@ -12,6 +12,7 @@ CHECK_ID_check111="1.11"
 CHECK_TITLE_check111="[check111] Ensure IAM password policy expires passwords within 90 days or less (Scored)"
 CHECK_SCORED_check111="SCORED"
 CHECK_TYPE_check111="LEVEL1"
+CHECK_SEVERITY_check111="Medium"
 CHECK_ASFF_TYPE_check111="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check111="check111"
 

checks/check112

@@ -12,6 +12,7 @@ CHECK_ID_check112="1.12"
 CHECK_TITLE_check112="[check112] Ensure no root account access key exists (Scored)"
 CHECK_SCORED_check112="SCORED"
 CHECK_TYPE_check112="LEVEL1"
+CHECK_SEVERITY_check112="Critical"
 CHECK_ASFF_TYPE_check112="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check112="check112"
 

checks/check113

@@ -12,6 +12,7 @@ CHECK_ID_check113="1.13"
 CHECK_TITLE_check113="[check113] Ensure MFA is enabled for the root account (Scored)"
 CHECK_SCORED_check113="SCORED"
 CHECK_TYPE_check113="LEVEL1"
+CHECK_SEVERITY_check113="Critical"
 CHECK_ASFF_TYPE_check113="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check113="check113"
 

checks/check114

@@ -12,6 +12,7 @@ CHECK_ID_check114="1.14"
 CHECK_TITLE_check114="[check114] Ensure hardware MFA is enabled for the root account (Scored)"
 CHECK_SCORED_check114="SCORED"
 CHECK_TYPE_check114="LEVEL2"
+CHECK_SEVERITY_check114="Critical"
 CHECK_ASFF_TYPE_check114="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check114="check114"
 

checks/check115

@@ -12,6 +12,7 @@ CHECK_ID_check115="1.15"
 CHECK_TITLE_check115="[check115] Ensure security questions are registered in the AWS account (Not Scored)"
 CHECK_SCORED_check115="NOT_SCORED"
 CHECK_TYPE_check115="LEVEL1"
+CHECK_SEVERITY_check115="Medium"
 CHECK_ASFF_TYPE_check115="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check115="check115"
 

checks/check116

@@ -12,6 +12,7 @@ CHECK_ID_check116="1.16"
 CHECK_TITLE_check116="[check116] Ensure IAM policies are attached only to groups or roles (Scored)"
 CHECK_SCORED_check116="SCORED"
 CHECK_TYPE_check116="LEVEL1"
+CHECK_SEVERITY_check116="Low"
 CHECK_ASFF_TYPE_check116="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check116="AwsIamUser"
 CHECK_ALTERNATE_check116="check116"

checks/check117

@@ -12,6 +12,7 @@ CHECK_ID_check117="1.17"
 CHECK_TITLE_check117="[check117] Maintain current contact details (Not Scored)"
 CHECK_SCORED_check117="NOT_SCORED"
 CHECK_TYPE_check117="LEVEL1"
+CHECK_SEVERITY_check117="Medium"
 CHECK_ASFF_TYPE_check117="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check117="check117"
 

checks/check118

@@ -12,6 +12,7 @@ CHECK_ID_check118="1.18"
 CHECK_TITLE_check118="[check118] Ensure security contact information is registered (Not Scored)"
 CHECK_SCORED_check118="NOT_SCORED"
 CHECK_TYPE_check118="LEVEL1"
+CHECK_SEVERITY_check118="Medium"
 CHECK_ASFF_TYPE_check118="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check118="check118"
 

checks/check119

@@ -12,6 +12,7 @@ CHECK_ID_check119="1.19"
 CHECK_TITLE_check119="[check119] Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)"
 CHECK_SCORED_check119="NOT_SCORED"
 CHECK_TYPE_check119="LEVEL2"
+CHECK_SEVERITY_check119="Medium"
 CHECK_ASFF_TYPE_check119="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check119="AwsEc2Instance"
 CHECK_ALTERNATE_check119="check119"

checks/check12

@@ -12,6 +12,7 @@ CHECK_ID_check12="1.2"
 CHECK_TITLE_check12="[check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
 CHECK_SCORED_check12="SCORED"
 CHECK_TYPE_check12="LEVEL1"
+CHECK_SEVERITY_check12="High"
 CHECK_ASFF_TYPE_check12="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check12="AwsIamUser"
 CHECK_ALTERNATE_check102="check12"

checks/check120

@@ -12,6 +12,7 @@ CHECK_ID_check120="1.20"
 CHECK_TITLE_check120="[check120] Ensure a support role has been created to manage incidents with AWS Support (Scored)"
 CHECK_SCORED_check120="SCORED"
 CHECK_TYPE_check120="LEVEL1"
+CHECK_SEVERITY_check120="Medium"
 CHECK_ASFF_TYPE_check120="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check120="AwsIamRole"
 CHECK_ALTERNATE_check120="check120"

checks/check121

@@ -12,6 +12,7 @@ CHECK_ID_check121="1.21"
 CHECK_TITLE_check121="[check121] Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)"
 CHECK_SCORED_check121="NOT_SCORED"
 CHECK_TYPE_check121="LEVEL1"
+CHECK_SEVERITY_check121="Medium"
 CHECK_ASFF_TYPE_check121="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check121="AwsIamUser"
 CHECK_ALTERNATE_check121="check121"

checks/check122

@@ -12,6 +12,7 @@ CHECK_ID_check122="1.22"
 CHECK_TITLE_check122="[check122] Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"
 CHECK_SCORED_check122="SCORED"
 CHECK_TYPE_check122="LEVEL1"
+CHECK_SEVERITY_check122="Medium"
 CHECK_ASFF_TYPE_check122="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check122="AwsIamPolicy"
 CHECK_ALTERNATE_check122="check122"

checks/check13

@@ -12,6 +12,7 @@ CHECK_ID_check13="1.3"
 CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled (Scored)"
 CHECK_SCORED_check13="SCORED"
 CHECK_TYPE_check13="LEVEL1"
+CHECK_SEVERITY_check13="Medium"
 CHECK_ASFF_TYPE_check13="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check13="AwsIamUser"
 CHECK_ALTERNATE_check103="check13"

checks/check14

@@ -12,6 +12,7 @@ CHECK_ID_check14="1.4"
 CHECK_TITLE_check14="[check14] Ensure access keys are rotated every 90 days or less (Scored)"
 CHECK_SCORED_check14="SCORED"
 CHECK_TYPE_check14="LEVEL1"
+CHECK_SEVERITY_check14="Medium"
 CHECK_ASFF_TYPE_check14="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check14="AwsIamUser"
 CHECK_ALTERNATE_check104="check14"

checks/check15

@@ -12,6 +12,7 @@ CHECK_ID_check15="1.5"
 CHECK_TITLE_check15="[check15] Ensure IAM password policy requires at least one uppercase letter (Scored)"
 CHECK_SCORED_check15="SCORED"
 CHECK_TYPE_check15="LEVEL1"
+   CHECK_SEVERITY_check15="medium"
 CHECK_ASFF_TYPE_check15="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check105="check15"
 

checks/check16

@@ -12,6 +12,7 @@ CHECK_ID_check16="1.6"
 CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter (Scored)"
 CHECK_SCORED_check16="SCORED"
 CHECK_TYPE_check16="LEVEL1"
+CHECK_SEVERITY_check16="medium"
 CHECK_ASFF_TYPE_check16="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check106="check16"
 

checks/check17

@@ -12,6 +12,7 @@ CHECK_ID_check17="1.7"
 CHECK_TITLE_check17="[check17] Ensure IAM password policy require at least one symbol (Scored)"
 CHECK_SCORED_check17="SCORED"
 CHECK_TYPE_check17="LEVEL1"
+CHECK_SEVERITY_check17="Medium"
 CHECK_ASFF_TYPE_check17="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check107="check17"
 

checks/check18

@@ -12,6 +12,7 @@ CHECK_ID_check18="1.8"
 CHECK_TITLE_check18="[check18] Ensure IAM password policy require at least one number (Scored)"
 CHECK_SCORED_check18="SCORED"
 CHECK_TYPE_check18="LEVEL1"
+CHECK_SEVERITY_check18="Medium"
 CHECK_ASFF_TYPE_check18="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check108="check18"
 

checks/check19

@@ -12,6 +12,7 @@ CHECK_ID_check19="1.9"
 CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
 CHECK_SCORED_check19="SCORED"
 CHECK_TYPE_check19="LEVEL1"
+CHECK_SEVERITY_check19="Medium"
 CHECK_ASFF_TYPE_check19="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check109="check19"
 

checks/check21

@@ -12,6 +12,7 @@ CHECK_ID_check21="2.1"
 CHECK_TITLE_check21="[check21] Ensure CloudTrail is enabled in all regions (Scored)"
 CHECK_SCORED_check21="SCORED"
 CHECK_TYPE_check21="LEVEL1"
+CHECK_SEVERITY_check21="High"
 CHECK_ASFF_TYPE_check21="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check21="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check201="check21"

checks/check22

@@ -12,6 +12,7 @@ CHECK_ID_check22="2.2"
 CHECK_TITLE_check22="[check22] Ensure CloudTrail log file validation is enabled (Scored)"
 CHECK_SCORED_check22="SCORED"
 CHECK_TYPE_check22="LEVEL2"
+CHECK_SEVERITY_check22="Medium"
 CHECK_ASFF_TYPE_check22="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check22="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check202="check22"

checks/check23

@@ -12,6 +12,7 @@ CHECK_ID_check23="2.3"
 CHECK_TITLE_check23="[check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
 CHECK_SCORED_check23="SCORED"
 CHECK_TYPE_check23="LEVEL1"
+CHECK_SEVERITY_check23="Critical"
 CHECK_ASFF_TYPE_check23="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check23="AwsS3Bucket"
 CHECK_ALTERNATE_check203="check23"

checks/check24

@@ -12,6 +12,7 @@ CHECK_ID_check24="2.4"
 CHECK_TITLE_check24="[check24] Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
 CHECK_SCORED_check24="SCORED"
 CHECK_TYPE_check24="LEVEL1"
+CHECK_SEVERITY_check24="Low"
 CHECK_ASFF_TYPE_check24="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check24="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check204="check24"

checks/check25

@@ -12,6 +12,7 @@ CHECK_ID_check25="2.5"
 CHECK_TITLE_check25="[check25] Ensure AWS Config is enabled in all regions (Scored)"
 CHECK_SCORED_check25="SCORED"
 CHECK_TYPE_check25="LEVEL1"
+CHECK_SEVERITY_check25="Medium"
 CHECK_ASFF_TYPE_check25="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check205="check25"
 

checks/check26

@@ -12,6 +12,7 @@ CHECK_ID_check26="2.6"
 CHECK_TITLE_check26="[check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
 CHECK_SCORED_check26="SCORED"
 CHECK_TYPE_check26="LEVEL1"
+CHECK_SEVERITY_check26="Medium"
 CHECK_ASFF_TYPE_check26="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check26="AwsS3Bucket"
 CHECK_ALTERNATE_check206="check26"

checks/check27

@@ -12,6 +12,7 @@ CHECK_ID_check27="2.7"
 CHECK_TITLE_check27="[check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"
 CHECK_SCORED_check27="SCORED"
 CHECK_TYPE_check27="LEVEL2"
+CHECK_SEVERITY_check27="Medium"
 CHECK_ASFF_TYPE_check27="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check27="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check207="check27"

checks/check28

@@ -12,6 +12,7 @@ CHECK_ID_check28="2.8"
 CHECK_TITLE_check28="[check28] Ensure rotation for customer created CMKs is enabled (Scored)"
 CHECK_SCORED_check28="SCORED"
 CHECK_TYPE_check28="LEVEL2"
+CHECK_SEVERITY_check28="Medium"
 CHECK_ASFF_TYPE_check28="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check28="AwsKmsKey"
 CHECK_ALTERNATE_check208="check28"

checks/check29

@@ -12,6 +12,7 @@ CHECK_ID_check29="2.9"
 CHECK_TITLE_check29="[check29] Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
 CHECK_SCORED_check29="SCORED"
 CHECK_TYPE_check29="LEVEL2"
+CHECK_SEVERITY_check29="Medium"
 CHECK_ASFF_TYPE_check29="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check29="AwsEc2Vpc"
 CHECK_ALTERNATE_check209="check29"

checks/check31

@@ -37,6 +37,7 @@ CHECK_ID_check31="3.1"
 CHECK_TITLE_check31="[check31] Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"
 CHECK_SCORED_check31="SCORED"
 CHECK_TYPE_check31="LEVEL1"
+CHECK_SEVERITY_check31="Medium"
 CHECK_ASFF_TYPE_check31="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check31="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check301="check31"

checks/check310

@@ -37,6 +37,7 @@ CHECK_ID_check310="3.10"
 CHECK_TITLE_check310="[check310] Ensure a log metric filter and alarm exist for security group changes (Scored)"
 CHECK_SCORED_check310="SCORED"
 CHECK_TYPE_check310="LEVEL2"
+CHECK_SEVERITY_check310="Medium"
 CHECK_ASFF_TYPE_check310="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check310="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check310="check310"

checks/check311

@@ -37,6 +37,7 @@ CHECK_ID_check311="3.11"
 CHECK_TITLE_check311="[check311] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Scored)"
 CHECK_SCORED_check311="SCORED"
 CHECK_TYPE_check311="LEVEL2"
+CHECK_SEVERITY_check311="Medium"
 CHECK_ASFF_TYPE_check311="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check311="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check311="check311"

checks/check312

@@ -37,6 +37,7 @@ CHECK_ID_check312="3.12"
 CHECK_TITLE_check312="[check312] Ensure a log metric filter and alarm exist for changes to network gateways (Scored)"
 CHECK_SCORED_check312="SCORED"
 CHECK_TYPE_check312="LEVEL1"
+CHECK_SEVERITY_check312="Medium"
 CHECK_ASFF_TYPE_check312="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check312="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check312="check312"

checks/check313

@@ -37,6 +37,7 @@ CHECK_ID_check313="3.13"
 CHECK_TITLE_check313="[check313] Ensure a log metric filter and alarm exist for route table changes (Scored)"
 CHECK_SCORED_check313="SCORED"
 CHECK_TYPE_check313="LEVEL1"
+CHECK_SEVERITY_check313="Medium"
 CHECK_ASFF_TYPE_check313="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check313="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check313="check313"

checks/check314

@@ -37,6 +37,7 @@ CHECK_ID_check314="3.14"
 CHECK_TITLE_check314="[check314] Ensure a log metric filter and alarm exist for VPC changes (Scored)"
 CHECK_SCORED_check314="SCORED"
 CHECK_TYPE_check314="LEVEL1"
+CHECK_SEVERITY_check314="Medium"
 CHECK_ASFF_TYPE_check314="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check314="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check314="check314"

checks/check32

@@ -37,6 +37,7 @@ CHECK_ID_check32="3.2"
 CHECK_TITLE_check32="[check32] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)"
 CHECK_SCORED_check32="SCORED"
 CHECK_TYPE_check32="LEVEL1"
+CHECK_SEVERITY_check32="Medium"
 CHECK_ASFF_TYPE_check32="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check32="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check302="check32"

checks/check33

@@ -37,6 +37,7 @@ CHECK_ID_check33="3.3"
 CHECK_TITLE_check33="[check33] Ensure a log metric filter and alarm exist for usage of root account (Scored)"
 CHECK_SCORED_check33="SCORED"
 CHECK_TYPE_check33="LEVEL1"
+CHECK_SEVERITY_check33="Medium"
 CHECK_ASFF_TYPE_check33="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check33="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check303="check33"

checks/check34

@@ -37,6 +37,7 @@ CHECK_ID_check34="3.4"
 CHECK_TITLE_check34="[check34] Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"
 CHECK_SCORED_check34="SCORED"
 CHECK_TYPE_check34="LEVEL1"
+CHECK_SEVERITY_check34="Medium"
 CHECK_ASFF_TYPE_check34="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check34="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check304="check34"

checks/check35

@@ -37,6 +37,7 @@ CHECK_ID_check35="3.5"
 CHECK_TITLE_check35="[check35] Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"
 CHECK_SCORED_check35="SCORED"
 CHECK_TYPE_check35="LEVEL1"
+CHECK_SEVERITY_check35="Medium"
 CHECK_ASFF_TYPE_check35="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check35="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check305="check35"

checks/check36

@@ -37,6 +37,7 @@ CHECK_ID_check36="3.6"
 CHECK_TITLE_check36="[check36] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"
 CHECK_SCORED_check36="SCORED"
 CHECK_TYPE_check36="LEVEL2"
+CHECK_SEVERITY_check36="Medium"
 CHECK_ASFF_TYPE_check36="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check36="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check306="check36"

checks/check37

@@ -37,6 +37,7 @@ CHECK_ID_check37="3.7"
 CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"
 CHECK_SCORED_check37="SCORED"
 CHECK_TYPE_check37="LEVEL2"
+CHECK_SEVERITY_check37="Medium"
 CHECK_ASFF_TYPE_check37="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check37="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check307="check37"

checks/check38

@@ -37,6 +37,7 @@ CHECK_ID_check38="3.8"
 CHECK_TITLE_check38="[check38] Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"
 CHECK_SCORED_check38="SCORED"
 CHECK_TYPE_check38="LEVEL1"
+CHECK_SEVERITY_check38="Medium"
 CHECK_ASFF_TYPE_check38="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check38="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check308="check38"

checks/check39

@@ -37,6 +37,7 @@ CHECK_ID_check39="3.9"
 CHECK_TITLE_check39="[check39] Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"
 CHECK_SCORED_check39="SCORED"
 CHECK_TYPE_check39="LEVEL2"
+CHECK_SEVERITY_check39="Medium"
 CHECK_ASFF_TYPE_check39="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check39="AwsCloudTrailTrail"
 CHECK_ALTERNATE_check309="check39"

checks/check41

@@ -12,6 +12,7 @@ CHECK_ID_check41="4.1"
 CHECK_TITLE_check41="[check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)"
 CHECK_SCORED_check41="SCORED"
 CHECK_TYPE_check41="LEVEL2"
+CHECK_SEVERITY_check41="High"
 CHECK_ASFF_TYPE_check41="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check41="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check401="check41"

checks/check42

@@ -12,6 +12,7 @@ CHECK_ID_check42="4.2"
 CHECK_TITLE_check42="[check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)"
 CHECK_SCORED_check42="SCORED"
 CHECK_TYPE_check42="LEVEL2"
+CHECK_SEVERITY_check42="High"
 CHECK_ASFF_TYPE_check42="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check42="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check402="check42"

checks/check43

@@ -12,6 +12,7 @@ CHECK_ID_check43="4.3"
 CHECK_TITLE_check43="[check43] Ensure the default security group of every VPC restricts all traffic (Scored)"
 CHECK_SCORED_check43="SCORED"
 CHECK_TYPE_check43="LEVEL2"
+CHECK_SEVERITY_check43="Medium"
 CHECK_ASFF_TYPE_check43="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check43="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check403="check43"

checks/check44

@@ -12,6 +12,7 @@ CHECK_ID_check44="4.4"
 CHECK_TITLE_check44="[check44] Ensure routing tables for VPC peering are \"least access\" (Not Scored)"
 CHECK_SCORED_check44="NOT_SCORED"
 CHECK_TYPE_check44="LEVEL2"
+CHECK_SEVERITY_check44="Medium"
 CHECK_ASFF_TYPE_check44="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ASFF_RESOURCE_TYPE_check44="AwsEc2Vpc"
 CHECK_ALTERNATE_check404="check44"

checks/check_extra71

@@ -14,6 +14,7 @@ CHECK_ID_extra71="7.1"
 CHECK_TITLE_extra71="[extra71] Ensure users of groups with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra71="NOT_SCORED"
 CHECK_TYPE_extra71="EXTRA"
+CHECK_SEVERITY_extra71="High"
 CHECK_ASFF_RESOURCE_TYPE_extra71="AwsIamUser"
 CHECK_ALTERNATE_extra701="extra71"
 CHECK_ALTERNATE_check71="extra71"

checks/check_extra710

@@ -14,6 +14,7 @@ CHECK_ID_extra710="7.10"
 CHECK_TITLE_extra710="[extra710] Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra710="NOT_SCORED"
 CHECK_TYPE_extra710="EXTRA"
+CHECK_SEVERITY_extra710="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra710="AwsEc2Instance"
 CHECK_ALTERNATE_check710="extra710"
 

checks/check_extra7100

@@ -18,6 +18,7 @@ CHECK_ID_extra7100="7.100"
 CHECK_TITLE_extra7100="[extra7100] Ensure that no custom policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *)"
 CHECK_SCORED_extra7100="NOT_SCORED"
 CHECK_TYPE_extra7100="EXTRA"
+CHECK_SEVERITY_extra7100="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra7100="AwsIamPolicy"
 CHECK_ALTERNATE_check7100="extra7100"
 

checks/check_extra711

@@ -14,6 +14,7 @@ CHECK_ID_extra711="7.11"
 CHECK_TITLE_extra711="[extra711] Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra711="NOT_SCORED"
 CHECK_TYPE_extra711="EXTRA"
+CHECK_SEVERITY_extra711="High"
 CHECK_ASFF_RESOURCE_TYPE_extra711="AwsRedshiftCluster"
 CHECK_ALTERNATE_check711="extra711"
 

checks/check_extra712

@@ -14,6 +14,7 @@ CHECK_ID_extra712="7.12"
 CHECK_TITLE_extra712="[extra712] Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra712="NOT_SCORED"
 CHECK_TYPE_extra712="EXTRA"
+CHECK_SEVERITY_extra712="Low"
 CHECK_ALTERNATE_check712="extra712"
 
  extra712(){ 

checks/check_extra713

@@ -14,6 +14,7 @@ CHECK_ID_extra713="7.13"
 CHECK_TITLE_extra713="[extra713] Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra713="NOT_SCORED"
 CHECK_TYPE_extra713="EXTRA"
+CHECK_SEVERITY_extra713="High"
 CHECK_ALTERNATE_check713="extra713"
 
 extra713(){

checks/check_extra714

@@ -14,6 +14,7 @@ CHECK_ID_extra714="7.14"
 CHECK_TITLE_extra714="[extra714] Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra714="NOT_SCORED"
 CHECK_TYPE_extra714="EXTRA"
+CHECK_SEVERITY_extra714="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra714="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check714="extra714"
 

checks/check_extra715

@@ -14,6 +14,7 @@ CHECK_ID_extra715="7.15"
 CHECK_TITLE_extra715="[extra715] Check if Amazon Elasticsearch Service (ES) domains have logging enabled"
 CHECK_SCORED_extra715="NOT_SCORED"
 CHECK_TYPE_extra715="EXTRA"
+CHECK_SEVERITY_extra715="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra715="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check715="extra715"
 

checks/check_extra716

@@ -14,6 +14,7 @@ CHECK_ID_extra716="7.16"
 CHECK_TITLE_extra716="[extra716] Check if Amazon Elasticsearch Service (ES) domains are set as Public or if it has open policy access"
 CHECK_SCORED_extra716="NOT_SCORED"
 CHECK_TYPE_extra716="EXTRA"
+CHECK_SEVERITY_extra716="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra716="AwsElasticsearchDomain"
 CHECK_ALTERNATE_check716="extra716"
 

checks/check_extra717

@@ -14,6 +14,7 @@ CHECK_ID_extra717="7.17"
 CHECK_TITLE_extra717="[extra717] Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra717="NOT_SCORED"
 CHECK_TYPE_extra717="EXTRA"
+CHECK_SEVERITY_extra717="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra717="AwsElbLoadBalancer"
 CHECK_ALTERNATE_check717="extra717"
 

checks/check_extra718

@@ -14,6 +14,7 @@ CHECK_ID_extra718="7.18"
 CHECK_TITLE_extra718="[extra718] Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra718="NOT_SCORED"
 CHECK_TYPE_extra718="EXTRA"
+CHECK_SEVERITY_extra718="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra718="AwsS3Bucket"
 CHECK_ALTERNATE_check718="extra718"
 

checks/check_extra719

@@ -14,6 +14,7 @@ CHECK_ID_extra719="7.19"
 CHECK_TITLE_extra719="[extra719] Check if Route53 public hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra719="NOT_SCORED"
 CHECK_TYPE_extra719="EXTRA"
+CHECK_SEVERITY_extra719="Medium"
 CHECK_ALTERNATE_check719="extra719"
 
 extra719(){

checks/check_extra72

@@ -14,6 +14,7 @@ CHECK_ID_extra72="7.2"
 CHECK_TITLE_extra72="[extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra72="NOT_SCORED"
 CHECK_TYPE_extra72="EXTRA"
+CHECK_SEVERITY_extra72="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra72="AwsEc2Snapshot"
 CHECK_ALTERNATE_extra702="extra72"
 CHECK_ALTERNATE_check72="extra72"

checks/check_extra720

@@ -14,6 +14,7 @@ CHECK_ID_extra720="7.20"
 CHECK_TITLE_extra720="[extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra720="NOT_SCORED"
 CHECK_TYPE_extra720="EXTRA"
+CHECK_SEVERITY_extra720="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra720="AwsLambdaFunction"
 CHECK_ALTERNATE_check720="extra720"
 

checks/check_extra721

@@ -14,6 +14,7 @@ CHECK_ID_extra721="7.21"
 CHECK_TITLE_extra721="[extra721] Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra721="NOT_SCORED"
 CHECK_TYPE_extra721="EXTRA"
+CHECK_SEVERITY_extra721="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra721="AwsRedshiftCluster"
 CHECK_ALTERNATE_check721="extra721"
 

checks/check_extra722

@@ -14,6 +14,7 @@ CHECK_ID_extra722="7.22"
 CHECK_TITLE_extra722="[extra722] Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra722="NOT_SCORED"
 CHECK_TYPE_extra722="EXTRA"
+CHECK_SEVERITY_extra722="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra722="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check722="extra722"
 

checks/check_extra723

@@ -14,6 +14,7 @@ CHECK_ID_extra723="7.23"
 CHECK_TITLE_extra723="[extra723] Check if RDS Snapshots and Cluster Snapshots are public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra723="NOT_SCORED"
 CHECK_TYPE_extra723="EXTRA"
+CHECK_SEVERITY_extra723="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra723="AwsRdsDbSnapshot"
 CHECK_ALTERNATE_check723="extra723"
 

checks/check_extra724

@@ -14,6 +14,7 @@ CHECK_ID_extra724="7.24"
 CHECK_TITLE_extra724="[extra724] Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra724="NOT_SCORED"
 CHECK_TYPE_extra724="EXTRA"
+CHECK_SEVERITY_extra724="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra724="AwsCertificateManagerCertificate"
 CHECK_ALTERNATE_check724="extra724"
 

checks/check_extra725

@@ -15,6 +15,7 @@ CHECK_ID_extra725="7.25"
 CHECK_TITLE_extra725="[extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra725="NOT_SCORED"
 CHECK_TYPE_extra725="EXTRA"
+CHECK_SEVERITY_extra725="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra725="AwsS3Bucket"
 CHECK_ALTERNATE_check725="extra725"
 

checks/check_extra726

@@ -15,6 +15,7 @@ CHECK_ID_extra726="7.26"
 CHECK_TITLE_extra726="[extra726] Check Trusted Advisor for errors and warnings (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra726="NOT_SCORED"
 CHECK_TYPE_extra726="EXTRA"
+CHECK_SEVERITY_extra726="Medium"
 CHECK_ALTERNATE_check726="extra726"
 
 extra726(){

checks/check_extra727

@@ -15,6 +15,7 @@ CHECK_ID_extra727="7.27"
 CHECK_TITLE_extra727="[extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra727="NOT_SCORED"
 CHECK_TYPE_extra727="EXTRA"
+CHECK_SEVERITY_extra727="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra727="AwsSqsQueue"
 CHECK_ALTERNATE_check727="extra727"
 

checks/check_extra728

@@ -15,6 +15,7 @@ CHECK_ID_extra728="7.28"
 CHECK_TITLE_extra728="[extra728] Check if SQS queues have Server Side Encryption enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra728="NOT_SCORED"
 CHECK_TYPE_extra728="EXTRA"
+CHECK_SEVERITY_extra728="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra728="AwsSqsQueue"
 CHECK_ALTERNATE_check728="extra728"
 

checks/check_extra729

@@ -15,6 +15,7 @@ CHECK_ID_extra729="7.29"
 CHECK_TITLE_extra729="[extra729] Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra729="NOT_SCORED"
 CHECK_TYPE_extra729="EXTRA"
+CHECK_SEVERITY_extra729="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra729="AwsEc2Volume"
 CHECK_ALTERNATE_check729="extra729"
 

checks/check_extra73

@@ -15,6 +15,7 @@ CHECK_ID_extra73="7.3"
 CHECK_TITLE_extra73="[extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra73="NOT_SCORED"
 CHECK_TYPE_extra73="EXTRA"
+CHECK_SEVERITY_extra73="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra73="AwsS3Bucket"
 CHECK_ALTERNATE_extra703="extra73"
 CHECK_ALTERNATE_check73="extra73"

checks/check_extra730

@@ -17,6 +17,7 @@ CHECK_ID_extra730="7.30"
 CHECK_TITLE_extra730="[extra730] Check if ACM Certificates are about to expire in $DAYS_TO_EXPIRE_THRESHOLD days or less (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra730="NOT_SCORED"
 CHECK_TYPE_extra730="EXTRA"
+CHECK_SEVERITY_extra730="High"
 CHECK_ASFF_RESOURCE_TYPE_extra730="AwsCertificateManagerCertificate"
 CHECK_ALTERNATE_check730="extra730"
 

checks/check_extra731

@@ -15,6 +15,7 @@ CHECK_ID_extra731="7.31"
 CHECK_TITLE_extra731="[extra731] Check if SNS topics have policy set as Public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra731="NOT_SCORED"
 CHECK_TYPE_extra731="EXTRA"
+CHECK_SEVERITY_extra731="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra731="AwsSnsTopic"
 CHECK_ALTERNATE_check731="extra731"
 

checks/check_extra732

@@ -15,6 +15,7 @@ CHECK_ID_extra732="7.32"
 CHECK_TITLE_extra732="[extra732] Check if Geo restrictions are enabled in CloudFront distributions (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra732="NOT_SCORED"
 CHECK_TYPE_extra732="EXTRA"
+CHECK_SEVERITY_extra732="Low"
 CHECK_ASFF_RESOURCE_TYPE_extra732="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check732="extra732"
 

checks/check_extra733

@@ -15,6 +15,7 @@ CHECK_ID_extra733="7.33"
 CHECK_TITLE_extra733="[extra733] Check if there are SAML Providers then STS can be used (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra733="NOT_SCORED"
 CHECK_TYPE_extra733="EXTRA"
+CHECK_SEVERITY_extra733="Low"
 CHECK_ALTERNATE_check733="extra733"
 
 extra733(){

checks/check_extra734

@@ -14,6 +14,7 @@ CHECK_ID_extra734="7.34"
 CHECK_TITLE_extra734="[extra734] Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra734="NOT_SCORED"
 CHECK_TYPE_extra734="EXTRA"
+CHECK_SEVERITY_extra734="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra734="AwsS3Bucket"
 CHECK_ALTERNATE_check734="extra734"
 

checks/check_extra735

@@ -14,6 +14,7 @@ CHECK_ID_extra735="7.35"
 CHECK_TITLE_extra735="[extra735] Check if RDS instances storage is encrypted (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra735="NOT_SCORED"
 CHECK_TYPE_extra735="EXTRA"
+CHECK_SEVERITY_extra735="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra735="AwsRdsDbInstance"
 CHECK_ALTERNATE_check735="extra735"
 

checks/check_extra736

@@ -14,6 +14,7 @@ CHECK_ID_extra736="7.36"
 CHECK_TITLE_extra736="[extra736] Check exposed KMS keys (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra736="NOT_SCORED"
 CHECK_TYPE_extra736="EXTRA"
+CHECK_SEVERITY_extra736="Critical"
 CHECK_ASFF_RESOURCE_TYPE_extra736="AwsKmsKey"
 CHECK_ALTERNATE_check736="extra736"
 

checks/check_extra737

@@ -14,6 +14,7 @@ CHECK_ID_extra737="7.37"
 CHECK_TITLE_extra737="[extra737] Check KMS keys with key rotation disabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra737="NOT_SCORED"
 CHECK_TYPE_extra737="EXTRA"
+CHECK_SEVERITY_extra737="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra737="AwsKmsKey"
 CHECK_ALTERNATE_check737="extra737"
 

checks/check_extra738

@@ -14,6 +14,7 @@ CHECK_ID_extra738="7.38"
 CHECK_TITLE_extra738="[extra738] Check if CloudFront distributions are set to HTTPS (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra738="NOT_SCORED"
 CHECK_TYPE_extra738="EXTRA"
+CHECK_SEVERITY_extra738="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra738="AwsCloudFrontDistribution"
 CHECK_ALTERNATE_check738="extra738"
 

checks/check_extra739

@@ -14,6 +14,7 @@ CHECK_ID_extra739="7.39"
 CHECK_TITLE_extra739="[extra739] Check if RDS instances have backup enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra739="NOT_SCORED"
 CHECK_TYPE_extra739="EXTRA"
+CHECK_SEVERITY_extra739="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra739="AwsRdsDbInstance"
 CHECK_ALTERNATE_check739="extra739"
 

checks/check_extra74

@@ -14,6 +14,7 @@ CHECK_ID_extra74="7.4"
 CHECK_TITLE_extra74="[extra74] Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra74="NOT_SCORED"
 CHECK_TYPE_extra74="EXTRA"
+CHECK_SEVERITY_extra74="High"
 CHECK_ASFF_RESOURCE_TYPE_extra74="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_extra704="extra74"
 CHECK_ALTERNATE_check74="extra74"

checks/check_extra740

@@ -14,6 +14,7 @@ CHECK_ID_extra740="7.40"
 CHECK_TITLE_extra740="[extra740] Check if EBS snapshots are encrypted (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra740="NOT_SCORED"
 CHECK_TYPE_extra740="EXTRA"
+CHECK_SEVERITY_extra740="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra740="AwsEc2Snapshot"
 CHECK_ALTERNATE_check740="extra740"
 

checks/check_extra741

@@ -14,6 +14,7 @@ CHECK_ID_extra741="7.41"
 CHECK_TITLE_extra741="[extra741] Find secrets in EC2 User Data (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra741="NOT_SCORED"
 CHECK_TYPE_extra741="EXTRA"
+CHECK_SEVERITY_extra741="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra741="AwsEc2Instance"
 CHECK_ALTERNATE_check741="extra741"
 

checks/check_extra742

@@ -14,6 +14,7 @@ CHECK_ID_extra742="7.42"
 CHECK_TITLE_extra742="[extra742] Find secrets in CloudFormation outputs (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra742="NOT_SCORED"
 CHECK_TYPE_extra742="EXTRA"
+CHECK_SEVERITY_extra742="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra742="AwsCloudFormationStack"
 CHECK_ALTERNATE_check742="extra742"
 

checks/check_extra743

@@ -14,6 +14,7 @@ CHECK_ID_extra743="7.43"
 CHECK_TITLE_extra743="[extra743] Check if API Gateway has client certificate enabled to access your backend endpoint (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra743="NOT_SCORED"
 CHECK_TYPE_extra743="EXTRA"
+CHECK_SEVERITY_extra743="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra743="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check743="extra743"
 

checks/check_extra744

@@ -14,6 +14,7 @@ CHECK_ID_extra744="7.44"
 CHECK_TITLE_extra744="[extra744] Check if API Gateway has a WAF ACL attached (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra744="NOT_SCORED"
 CHECK_TYPE_extra744="EXTRA"
+CHECK_SEVERITY_extra744="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra744="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check744="extra744"
 

checks/check_extra745

@@ -14,6 +14,7 @@ CHECK_ID_extra745="7.45"
 CHECK_TITLE_extra745="[extra745] Check if API Gateway endpoint is public or private (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra745="NOT_SCORED"
 CHECK_TYPE_extra745="EXTRA"
+CHECK_SEVERITY_extra745="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra745="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check745="extra745"
 

checks/check_extra746

@@ -14,6 +14,7 @@ CHECK_ID_extra746="7.46"
 CHECK_TITLE_extra746="[extra746] Check if API Gateway has configured authorizers (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra746="NOT_SCORED"
 CHECK_TYPE_extra746="EXTRA"
+CHECK_SEVERITY_extra746="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra746="AwsApiGatewayRestApi"
 CHECK_ALTERNATE_check746="extra746"
 

checks/check_extra747

@@ -14,6 +14,7 @@ CHECK_ID_extra747="7.47"
 CHECK_TITLE_extra747="[extra747] Check if RDS instances is integrated with CloudWatch Logs  (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra747="NOT_SCORED"
 CHECK_TYPE_extra747="EXTRA"
+CHECK_SEVERITY_extra747="Medium"
 CHECK_ASFF_RESOURCE_TYPE_extra747="AwsRdsDbInstance"
 CHECK_ALTERNATE_check747="extra747"
 

checks/check_extra748

@@ -14,6 +14,7 @@ CHECK_ID_extra748="7.48"
 CHECK_TITLE_extra748="[extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra748="NOT_SCORED"
 CHECK_TYPE_extra748="EXTRA"
+CHECK_SEVERITY_extra748="High"
 CHECK_ASFF_RESOURCE_TYPE_extra748="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check748="extra748"
 

checks/check_extra749

@@ -14,6 +14,7 @@ CHECK_ID_extra749="7.49"
 CHECK_TITLE_extra749="[extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483 (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra749="NOT_SCORED"
 CHECK_TYPE_extra749="EXTRA"
+CHECK_SEVERITY_extra749="High"
 CHECK_ASFF_RESOURCE_TYPE_extra749="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check749="extra749"
 

checks/check_extra75

@@ -14,6 +14,7 @@ CHECK_ID_extra75="7.5"
 CHECK_TITLE_extra75="[extra75] Ensure there are no Security Groups not being used (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra75="NOT_SCORED"
 CHECK_TYPE_extra75="EXTRA"
+CHECK_SEVERITY_extra75="Informational"
 CHECK_ASFF_RESOURCE_TYPE_extra75="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_extra705="extra75"
 CHECK_ALTERNATE_check75="extra75"

checks/check_extra750

@@ -14,6 +14,7 @@ CHECK_ID_extra750="7.50"
 CHECK_TITLE_extra750="[extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306 (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra750="NOT_SCORED"
 CHECK_TYPE_extra750="EXTRA"
+CHECK_SEVERITY_extra750="High"
 CHECK_ASFF_RESOURCE_TYPE_extra750="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check750="extra750"
 

checks/check_extra751

@@ -14,6 +14,7 @@ CHECK_ID_extra751="7.51"
 CHECK_TITLE_extra751="[extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432 (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra751="NOT_SCORED"
 CHECK_TYPE_extra751="EXTRA"
+CHECK_SEVERITY_extra751="High"
 CHECK_ASFF_RESOURCE_TYPE_extra751="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check751="extra751"
 

checks/check_extra752

@@ -14,6 +14,7 @@ CHECK_ID_extra752="7.52"
 CHECK_TITLE_extra752="[extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379 (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra752="NOT_SCORED"
 CHECK_TYPE_extra752="EXTRA"
+CHECK_SEVERITY_extra752="High"
 CHECK_ASFF_RESOURCE_TYPE_extra752="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check752="extra752"
 

checks/check_extra753

@@ -14,6 +14,7 @@ CHECK_ID_extra753="7.53"
 CHECK_TITLE_extra753="[extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018 (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra753="NOT_SCORED"
 CHECK_TYPE_extra753="EXTRA"
+CHECK_SEVERITY_extra753="High"
 CHECK_ASFF_RESOURCE_TYPE_extra753="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check753="extra753"
 

checks/check_extra754

@@ -14,6 +14,7 @@ CHECK_ID_extra754="7.54"
 CHECK_TITLE_extra754="[extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888 (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra754="NOT_SCORED"
 CHECK_TYPE_extra754="EXTRA"
+CHECK_SEVERITY_extra754="High"
 CHECK_ASFF_RESOURCE_TYPE_extra754="AwsEc2SecurityGroup"
 CHECK_ALTERNATE_check754="extra754"