20 January 2021 - Rules + General Release Notice
Custom Policy Updates
There is no change to the custom policy as a result of the new Trend Micro Cloud One™ – Conformity release and hence no user action is required. The current custom policy version is 1.23.
New API Documentation Portal
Conformity's API documentation is now available at https://cloudone.trendmicro.com/docs/conformity/api-reference/ and is no longer maintained in the old address: https://github.com/cloudconformity/documentation-api.
Input Validation for the title in Report form
The report title is now validated as a valid filename when a report is generated and when a report configuration is saved. This fixes issues where the report could not be opened in certain browsers or operating systems, and prevents security exploits.
General Bug Fixes
- Fixed a bug when creating account groups where the account tag entered had to be followed by a comma or Enter for the tag selection to be saved.
- Fixed a bug where a custom user's account permissions for SSO were retained after the user had been revoked.
- Fixed a bug by removing the default-active checkboxes in the Slack/MS Teams communication configuration, while still allowing users to open and close the configuration and then turn automatic notifications on.
- AccessAnalyser-001: IAM Access Analyser in Use
This rule checks if IAM Access Analyzer is in use for your AWS regions.
- EC2-075: Check for Unrestricted Memcached Access
This rule checks if a security group allows unrestricted inbound access to TCP/UDP port 11211 (Memcached).
- EC2-074: Check for Unrestricted Redis Access
This rule checks if a security group allows unrestricted inbound access to TCP/UDP port 6379 (Redis).
- Lambda-008: Enable Encryption for Lambda Environment Variables
Ensure encryption is enabled for the AWS Lambda environment variables that store sensitive information.
- Lambda-009: Use AWS KMS Customer Master Keys for Lambda Environment Variables Encryption
Ensure Lambda environment variables are encrypted with KMS Customer Master Keys (CMKs) to gain full control over data encryption and decryption.
- VirtualMachines-029: Check for Azure Desired VM SKU Size(s)
This rule ensures that your virtual machine instances are of a given SKU size (e.g. Standard_A8_v2).
- VirtualMachines-030: Check for Unused Load Balancers
This rule identifies any unused load balancers available within your Azure cloud account so that they can be deleted in order to eliminate unnecessary costs and meet compliance requirements when it comes to cloud resource management.
- VirtualMachines-031: Approved Azure Machine Image in Use
Ensure that all your Azure virtual machine instances are launched from approved machine images only.
- VirtualMachines-032: Enable Instance Termination Notifications for Virtual Machine Scale Sets
Ensure that instance termination notifications are enabled for your Azure virtual machine scale sets.
- S3-025: S3 Buckets Encrypted with Customer-Provided CMKs
Checks for S3-025 are no longer displayed for resources that exist in regions disabled in the Conformity Bot settings.
- WellArchitected-001: AWS Well-Architected Tools
- WellArchitected-002: AWS Well-Architected Tool Findings
Fixed an issue where WellArchitected-001 and WellArchitected-002 only checked the us-west-2 region.
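The kind of check that EC2-075 and EC2-074 describe, as an added illustration rather than Conformity's own rule code: it walks a security group in the shape returned by the EC2 DescribeSecurityGroups API and reports any inbound rule that exposes Memcached (11211) or Redis (6379) to 0.0.0.0/0 or ::/0, including the "-1" all-traffic protocol and port ranges that span the port. The sample group and finding strings are constructed for the example.

```python
from typing import Dict, List

# Ports watched by the page's rules EC2-075 (Memcached) and EC2-074 (Redis).
WATCHED_PORTS = {11211: "EC2-075 Memcached", 6379: "EC2-074 Redis"}
# CIDRs that mean "any source" for IPv4 and IPv6 respectively.
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def is_open_to_world(perm: Dict) -> bool:
    """True when a rule's source ranges include the whole IPv4 or IPv6 Internet."""
    v4 = any(r.get("CidrIp") in ANY_SOURCE for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") in ANY_SOURCE for r in perm.get("Ipv6Ranges", []))
    return v4 or v6

def covers_port(perm: Dict, port: int) -> bool:
    """True when a rule's protocol and port range include `port`.
    IpProtocol "-1" (all traffic) has no port range and always matches;
    TCP/UDP rules match when FromPort..ToPort spans the port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "udp"):
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)

def unrestricted_findings(sg: Dict) -> List[str]:
    """Return one finding per watched port that any inbound rule exposes to everyone."""
    findings = []
    for port, label in WATCHED_PORTS.items():
        for perm in sg.get("IpPermissions", []):
            if is_open_to_world(perm) and covers_port(perm, port):
                findings.append(f"{sg['GroupId']} {label}: {perm['IpProtocol']} port {port} open to the Internet")
                break  # one finding per port is enough
    return findings

# Constructed sample group (not real data): Redis open on IPv4, Memcached open over
# UDP on IPv6, and a Memcached TCP rule correctly limited to a private range.
SAMPLE_SG = {
    "GroupId": "sg-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 11211, "ToPort": 11211, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "udp", "FromPort": 11211, "ToPort": 11211, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    print("\n".join(unrestricted_findings(SAMPLE_SG)))
```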