Ensure your RDS instances are not using there default port
Ensure that your RDS database instances have specified another port to use other than there default port. This will help limit attacks against your database as understanding what port is open can give a hacker insight into what database you are running and craft and exploit directly targeting that specific database engine. This is why this is considered a security best practice and should be enabled. Ensuring this is enabled will help with NIST compliance.