20 January 2021 - Rules + General Release Notice

Custom Policy Updates

There is no change to the custom policy as a result of the new Trend Micro Cloud One™ – Conformity release and hence no user action is required. The current custom policy version is 1.23.

New API Documentation Portal

Conformity’s API documentation is now available at https://cloudone.trendmicro.com/docs/conformity/api-reference/ and is no longer maintained in the old address: https://github.com/cloudconformity/documentation-api.

Input Validation for the Report Title

The report title is now validated as a valid filename both when a report is generated and when a report configuration is saved. This fixes cases where a report could not be opened in certain browsers or operating systems, and prevents security exploits through the title field.

General Bug Fixes

  1. Fixed a bug when creating account groups where the account tag entered had to be followed by a comma or Enter to save the tag selection.
  2. Fixed a bug where a custom user’s account permissions for SSO were retained after the user had been revoked.
  3. Fixed a bug by removing the default-active checkboxes in the Slack/MS Teams communication configuration, while still allowing users to open and close the configuration and then turn automatic notifications on.

New Rules

AWS

  1. AccessAnalyser-001: IAM Access Analyser in Use
    This rule checks if IAM Access Analyzer is in use for your AWS regions.
  2. EC2-075: Check for Unrestricted Memcached Access
    This rule checks if a security group allows unrestricted inbound access to TCP/UDP port 11211 (Memcached).
  3. EC2-074: Check for Unrestricted Redis Access
    This rule checks if a security group allows unrestricted inbound access to TCP/UDP port 6379 (Redis).
  4. Lambda-008: Enable Encryption for Lambda Environment Variables
    Ensure encryption is enabled for the AWS Lambda environment variables that store sensitive information.
  5. Lambda-009: Use AWS KMS Customer Master Keys for Lambda Environment Variables Encryption
    Ensure Lambda environment variables are encrypted with KMS Customer Master Keys (CMKs) to gain full control over data encryption and decryption.
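The following is an added example, not Conformity’s own rule engine, showing how a check in the spirit of EC2-074 and EC2-075 can be evaluated locally against a security group in the shape returned by boto3’s describe_security_groups(); the sample groups are constructed for the example.

```python
# Added example (not Conformity code): evaluate one EC2 security group dict,
# as returned by boto3 describe_security_groups(), for world-reachable
# Redis (6379, EC2-074) and Memcached (11211, EC2-075) ingress.

MONITORED_PORTS = {6379: "EC2-074 Redis", 11211: "EC2-075 Memcached"}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _open_to_world(perm):
    """True if an IpPermissions entry accepts traffic from any IPv4 or IPv6 source."""
    v4 = any(r.get("CidrIp") in ANYWHERE for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") in ANYWHERE for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def _covers_port(perm, port):
    """True if the entry's protocol/port range includes TCP or UDP `port`.
    IpProtocol "-1" means all traffic; FromPort/ToPort are then absent."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "udp"):
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)


def unrestricted_access_findings(security_group):
    """Return sorted (rule, protocol, port) findings for one security group."""
    findings = set()
    for perm in security_group.get("IpPermissions", []):
        if not _open_to_world(perm):
            continue
        for port, rule in MONITORED_PORTS.items():
            if _covers_port(perm, port):
                findings.add((rule, perm.get("IpProtocol"), port))
    return sorted(findings)


# Constructed samples: a wide TCP range open to IPv4 (catches Redis), an
# all-traffic rule open to IPv6 (catches both), and a private-only Memcached rule.
SAMPLE_GROUPS = {
    "sg-redis-open": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 6000, "ToPort": 7000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    "sg-all-open": {"IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    "sg-private": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 11211, "ToPort": 11211,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
}
```

Run unrestricted_access_findings() over each entry in SAMPLE_GROUPS to see which groups would be flagged; the port-range and "-1" handling is what a naive equality check on FromPort misses.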

Azure

  1. VirtualMachines-029: Check for Azure Desired VM SKU Size(s)
    This rule ensures that your virtual machine instances are of a given SKU size (e.g. Standard_A8_v2).
  2. VirtualMachines-030: Check for Unused Load Balancers
    This rule identifies any unused load balancers available within your Azure cloud account so that they can be deleted in order to eliminate unnecessary costs and meet compliance requirements when it comes to cloud resource management.
  3. VirtualMachines-031: Approved Azure Machine Image in Use
    Ensure that all your Azure virtual machine instances are launched from approved machine images only.
  4. VirtualMachines-032: Enable Instance Termination Notifications for Virtual Machine Scale Sets
    Ensure that instance termination notifications are enabled for your Azure virtual machine scale sets.

Bug Fixes

  1. S3-025: S3 Buckets Encrypted with Customer-Provided CMKs
    Checks for S3-025 are no longer displayed for resources that exist in regions disabled in the Conformity Bot settings.
  2. WellArchitected-001: AWS Well-Architected Tool and WellArchitected-002: AWS Well-Architected Tool Findings
    Fixed an issue where WellArchitected-001 and WellArchitected-002 only checked the us-west-2 region.