August 23, 2022, Conformity—The following features and updates are now available with Conformity's latest release on 23 August 2022.
  • You can now search and add GCP projects while onboarding your GCP accounts to Conformity.
  • You can also view and onboard all GCP projects as we've eliminated the 100 projects limit.
  • Updated the following Compliance Standards and Reports to include newly released rules:
      • HITRUST CSF v9.3
      • HIPAA 45CFR164
      • NIST 800-53 Rev4
      • FedRAMP rev4
      • SOC 2 Nov 2019
  • Updated the following Compliance & Conformity Reports to include newly released rules:
      • ISO 27001:2013 - updated May 2022
      • NIST 800-53 Rev5 - updated June 2022, also available to GCP accounts now
Bug Fixes
  • Fixed a bug to improve the generation of CSV compliance and generic reports that contain a huge number of checks.
  • Fixed a bug to change the API response from status code `200` to `422` when a custom rule is run with an incorrect configuration.
  • Fixed a bug where account-level rule setting exceptions were deleted when applying a profile with no configured exceptions and “include exceptions” unchecked.
Custom Policy Updates
We've updated the custom policy as a result of the new deployment. The new custom policy version is 1.38. Click here to access the current custom policy.
The newly added permissions are:
  • `appflow:DescribeFlow`
  • `appflow:ListFlows`
New Rules
Azure
  • Network-025: Check for Unrestricted Inbound TCP or UDP Access on Selected Ports: This rule ensures that no network security groups allow unrestricted inbound access via TCP or UDP on selected ports.
AWS
  • AppFlow-001: Enable Data Encryption with KMS Customer Master Keys: This rule ensures that Amazon AppFlow flows are encrypted with KMS Customer Master Keys (CMKs).
GCP
  • CloudLoadBalancing-002: Check for Cloud SQL Database Instances with Public IPs: This rule ensures that Cloud SQL database instances don't have any public IP addresses assigned.
Rule Bug Fix
  • CT-002 CloudTrail S3 Bucket Logging Enabled: Fixed a bug where the rule did not correctly exclude the relevant S3 resource using exceptions via tags.