August 23, 2022, Conformity—The following features and updates are now available with
Conformity's latest release on 23 August 2022.
- You can now search and add GCP projects while onboarding your GCP accounts to Conformity.
- You can also view and onboard all GCP projects as we've eliminated the 100 projects limit.
- Uninstall Azure RTM script is now available.
- Updated the following Compliance Standards and Reports to include newly released rules:
  - HITRUST CSF v9.3
  - HIPAA 45CFR164
  - NIST 800-53 Rev4
  - FedRAMP rev4
  - SOC 2 Nov 2019
- Updated the following Compliance & Conformity Reports to include newly released rules:
  - ISO 27001:2013 - updated May 2022
  - NIST 800-53 Rev5 - updated June 2022, also available to GCP accounts now
Bug Fixes
- Fixed a bug to improve the generation of CSV compliance reports and generic reports with a huge number of checks.
- Fixed a bug to change the API response from status code `200` to `422` when a custom rule is run with a wrong configuration.
- Fixed a bug where account-level rule setting exceptions were deleted when applying a profile with no configured exceptions AND “include exceptions” unchecked.
Custom Policy Updates
We've updated the custom policy as a result of the new deployment. The new custom
policy version is 1.38.
The new permissions added are:
- `appflow:DescribeFlow`
- `appflow:ListFlows`
New Rules
Azure
- Network-025: Check for Unrestricted Inbound TCP or UDP Access on Selected Ports: This rule ensures that no network security groups allow unrestricted inbound access via TCP or UDP on selected ports.
AWS
- AppFlow-001: Enable Data Encryption with KMS Customer Master Keys: This rule ensures that Amazon AppFlow flows are encrypted with KMS Customer Master Keys (CMKs).
GCP
- CloudLoadBalancing-002: Check for Cloud SQL Database Instances with Public IPs: This rule ensures that Cloud SQL database instances don't have any public IP addresses assigned.
Rule Bug Fix
- CT-002 CloudTrail S3 Bucket Logging Enabled: Fixed a bug where the rule did not correctly exclude the relevant S3 resource using exceptions via tags.