Conformity Enhancements for AWS and Azure Compliance Standards

Views:

November 21, 2022, Conformity—The following features and updates are now available with Conformity's latest release on 21 November 2022.

The FISC Security Guidelines v9 compliance standard mapping now supports the latest AWS and Azure rules released in Conformity.

Bug Fixes

Enhanced the scanning of all AWS RDS Instances to reduce throttling.
Fixed a bug where the note for 'number of checks included' indicated an incorrect count while configuring a report for individual checks.
Fixed a bug where the 'Account rule settings' notes were not being saved correctly for the Custom Role Full Access Users.
KMS-002:Key Rotation Enabled: Fixed a bug where checks were generated incorrectly if the KMS key did not support key rotation.

Custom Policy Updates

There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.38. Click here to access the current custom policy.

Rules

Azure

SecurityCenter-039: Enable Automatic Provisioning of Vulnerability Assessment for Virtual Machines: This rule advises users to manually check that automatic provisioning of vulnerability assessment solutions is `Enabled` for virtual machines.

Rule Updates

Fixed an issue with the following rules handling AWS regions with restricted permissions in Conformity:

EBS-010: EBS Volumes Attached to Stopped EC2 Instances

VPC-016: VPC Endpoints in Use

S3-025: S3 Buckets Encrypted with Customer-Provided CMKs

CT-003: Publicly Accessible CloudTrail Buckets

RDS-027: Instance Level Events Subscriptions

RDS-028: Security Groups Events Subscriptions

RDS-029: RDS Event Notifications

RDS-039: RDS Instance Not in Public Subnet

End of Life - Conformity Cost Optimization Feature

*The Conformity Cost Optimization feature will reach end of life with the upcoming release on 21 November 2022. If you've missed our advance notice, please read through the details below.*

Why are we doing this?

The Cost Optimization feature used data from the deprecated AWS ‘Detailed Billing Report’. AWS strongly recommends that all customers move away from this report and migrate to the newer Cost and Usage Report.

We have decided to discontinue all support for Cost Analysis as our strategic focus as Trend Micro Cloud One ™ Conformity is on core Cloud Security Posture management (CSPM) features.

What does it mean for you?

No Cost Optimization widget - you will stop seeing the Cost Optimization widget on your Organizations’ Main Dashboard.

What happens to the Cost Rules?

All Cost category rules except for the following Rules will still be available to all customers. We’re deprecating these four Rules because their AWS data source is a deprecated AWS billing report.

Budgets- 001: Budget Overrun

Budgets -002: Cost Fluctuation

Budgets-003: Budgets Overrun Forecast

Budgets-004: Cost Fluctuation Forecast

What do I need to do?

You don't need to do anything at your end. If you wish, you can turn off the AWS Billing report used by Conformity. If you have any concerns or queries regarding the end of life for the Cost Optimization feature, please reach out to your account managers.

*The Cost Optimization feature is unavailable to our Trend Micro Cloud One ™ Conformity customers.*