October 12, 2023, Conformity—Rules' Mapping Update for Compliance Standards
- We've updated the Rule mappings to be compliant with the System and Organization Controls 2 (SOC 2) Compliance and Standard Reports.
Rule Update
Azure
- AppService-012: Enable FTPS-Only Access: Updated this rule to resolve a case-sensitivity issue and avoid false negatives.
AWS
The following rules won't generate checks for security groups that are shared from other accounts.
- EC2-001: Security Group Port Range
- EC2-002: Unrestricted SSH Access
- EC2-003: Unrestricted RDP Access
- EC2-004: Unrestricted Oracle Access
- EC2-005: Unrestricted MySQL Access
- EC2-006: Unrestricted PostgreSQL Access
- EC2-007: Unrestricted DNS Access
- EC2-008: Unrestricted MsSQL Access
- EC2-012: Security Group Excessive Counts
- EC2-013: Security Group Large Counts
- EC2-014: Security Group Rules Counts
- EC2-032: SecurityGroup RFC 1918
- EC2-033: Unrestricted Security Group Egress
- EC2-034: Unrestricted Security Group Ingress on Uncommon Ports
- EC2-036: Security Group Naming Conventions
- EC2-038: Unrestricted Telnet Access
- EC2-039: Unrestricted SMTP Access
- EC2-040: Unrestricted RPC Access
- EC2-041: Unrestricted NetBIOS Access
- EC2-042: Unrestricted FTP Access
- EC2-043: Unrestricted CIFS Access
- EC2-044: Unrestricted ICMP Access
- EC2-045: Unrestricted MongoDB Access
- EC2-059: Descriptions for Security Group Rules
- EC2-061: Security Group Name Prefixed With 'launch-wizard'
- EC2-063: Unrestricted Elasticsearch Access
- EC2-064: Unrestricted HTTP Access
- EC2-065: Unrestricted HTTPS Access
- EC2-074: Check for Unrestricted Redis Access
- EC2-075: Check for Unrestricted Memcached Access
- RG-001: Tags
Shared security groups won't be considered by the following rules:
- EC2-015: EC2 Instance Security Group Rules Counts
- ELB-007: ELB Security Group