diff --git a/conformance_pack/vpc.sp b/conformance_pack/vpc.sp
index f2bedd0b..44f4fe58 100644
--- a/conformance_pack/vpc.sp
+++ b/conformance_pack/vpc.sp
@@ -102,10 +102,10 @@ control "vpc_eip_associated" {
   })
 }
 
-control "vpc_security_group_associated" {
+control "vpc_security_group_associated_to_eni" {
   title = "VPC security groups should be associated with at least one ENI"
   description = "This rule ensures the security groups are attached to an Amazon Elastic Compute Cloud (Amazon EC2) instance or to an ENI. This rule helps monitoring unused security groups in the inventory and the management of your environment."
-  sql = query.vpc_security_group_associated.sql
+  sql = query.vpc_security_group_associated_to_eni.sql
 
   tags = merge(local.conformance_pack_ec2_common_tags, {
     nist_csf = "true"
diff --git a/nist_csf/function_pr.sp b/nist_csf/function_pr.sp
index a6df817f..27a468e4 100644
--- a/nist_csf/function_pr.sp
+++ b/nist_csf/function_pr.sp
@@ -220,7 +220,7 @@ benchmark "nist_csf_pr_ds_3" {
     control.ec2_instance_ssm_managed,
     control.ssm_managed_instance_compliance_association_compliant,
     control.vpc_eip_associated,
-    control.vpc_security_group_associated,
+    control.vpc_security_group_associated_to_eni,
   ]
 
   tags = local.nist_csf_common_tags
diff --git a/query/vpc/vpc_security_group_associated.sql b/query/vpc/vpc_security_group_associated.sql
index db7daf98..8a755c20 100644
--- a/query/vpc/vpc_security_group_associated.sql
+++ b/query/vpc/vpc_security_group_associated.sql
@@ -1,3 +1,5 @@
+-- This also addresses, Lambda in VPC.
+-- As Lambda creates an elastic network interface for each subnet in your function's VPC configuration.
 with associated_sg as (
   select
     sg ->> 'GroupId' as secgrp_id,
@@ -8,7 +10,7 @@ with associated_sg as (
 )
 select
   -- Required Columns
-  s.arn as resource,
+  distinct s.arn as resource,
   case
     when a.secgrp_id = s.group_id then 'ok'
     else 'alarm'
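Review bot: The new header comment in vpc_security_group_associated.sql reads as a fragment — `-- This also addresses, Lambda in VPC.` followed by a sentence beginning with `As`. A single sentence states the reason more clearly: `-- Lambda functions in a VPC are covered as well, because Lambda creates an elastic network interface for each subnet in the function's VPC configuration.` The CTE that the comment introduces continues outside the hunk.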
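Review bot: `distinct s.arn as resource` in the second hunk of vpc_security_group_associated.sql hides row multiplication rather than removing it: the `associated_sg` CTE in this file appears not to be aggregated per group (its body is outside the hunk), so a security group attached to several ENIs joins to several rows and DISTINCT must collapse them, and DISTINCT applies to the whole select list, not only `s.arn`. Grouping by `sg ->> 'GroupId'` inside the CTE, as the new `vpc_security_group_associated_to_eni.sql` does, or testing membership with `exists`, removes the duplicates at the source instead. Since `conformance_pack/vpc.sp` now points the control at `query.vpc_security_group_associated_to_eni`, this file may no longer be referenced by any control; if so, dropping it would be cleaner than patching it. The rest of the select list and the join are outside the hunk.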
diff --git a/query/vpc/vpc_security_group_associated_to_eni.sql b/query/vpc/vpc_security_group_associated_to_eni.sql
new file mode 100644
index 00000000..982a99f1
--- /dev/null
+++ b/query/vpc/vpc_security_group_associated_to_eni.sql
@@ -0,0 +1,26 @@
+with associated_sg as (
+  select
+    count(sg ->> 'GroupId'),
+    sg ->> 'GroupId' as secgrp_id
+  from
+    aws_ec2_network_interface,
+    jsonb_array_elements(groups) as sg
+  group by sg ->> 'GroupId'
+)
+select
+  -- Required Columns
+  distinct s.arn as resource,
+  case
+    when a.secgrp_id = s.group_id then 'ok'
+    else 'alarm'
+  end as status,
+  case
+    when a.secgrp_id = s.group_id then s.title || ' is associated with ' || a.count || ' ENI(s).'
+    else s.title || ' not associated to any ENI.'
+  end as reason,
+  -- Additional Dimensions
+  s.region,
+  s.account_id
+from
+  aws_vpc_security_group as s
+  left join associated_sg as a on s.group_id = a.secgrp_id;
\ No newline at end of file
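Review bot: The aggregate in the CTE, `count(sg ->> 'GroupId'),`, has no alias, so the reason column works only because Postgres names an unaliased count column `count` (`a.count`); make the dependency explicit with `count(sg ->> 'GroupId') as eni_count,` and `... || a.eni_count || ' ENI(s).'`. The `distinct` on the outer select is redundant here: `associated_sg` is grouped by `sg ->> 'GroupId'`, so the left join yields at most one row per security group, while DISTINCT applies to every column in the select list and adds a sort for no benefit. The CTE groups by GroupId alone, without `account_id` or `region`, so if the same group ID ever appeared in two scanned accounts their ENI counts would merge — probably harmless for AWS IDs, but worth a one-line comment stating the assumption. The file also ends without a trailing newline.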