Ensure the S3 bucket is unencryptedhas
Ensure S3 bucket is not publicly accessiblehas
PII_LIwhich marked as
critical( highest of (
high) of compliance policy failures → bumped up one level to
criticaldue to sensitive information )) Here are the variations of mapping of the highest compliance event severity, which has sensitive information and the expected Incident’s severity.