March 09, 2022, Conformity—The following features and updates are now available with
Conformity's latest release on 9 March 2022.
- Updated Compliance Evolution Score Calculation: Conformity Compliance Status numbers are calculated based on the latest Conformity Bot run. We’ve updated the calculation of the evolution chart compliance to match the formula used in the live Conformity compliance status dashboard, i.e. the unweighted formula: (Total number of successful Checks / Total number of Checks) * 100
  - Previously, the evolution compliance was an average of the compliances across accounts, which produced daily results that were not comparable with the live results because:
    - The Compliance level evolution numbers are calculated based on the last 24 Conformity Bot runs
    - The base dataset to calculate the values for each widget is different; therefore, even if the calculation method is the same (total successes / total checks * 100), the results are likely to be different.
  - This change will affect the evolution chart API, Dashboard and the results received in the Conformity weekly summary email. For details see: Compliance Evolution
- Special Characters in Report Title and Description
We now support Chinese characters in the Title and Description fields of Report Configurations.
- Search and View Accounts by Account ID
As an Admin user, you can allow users to view and search for a cloud account by its
Account ID by toggling the ON/OFF button from Administration > Subscription > Conformity
Accounts. For more info see Subscriptions
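
The gap between the previous account-averaged score and the unweighted formula described in the Compliance Evolution update above, as an added example that is not Conformity's own code. The account names, check counts and function names are constructed for illustration, and skipping accounts with no checks in the average is an assumption.

```python
from statistics import mean

# Constructed sample data: account name -> (successful checks, total checks)
SAMPLE_ACCOUNTS = {
    "prod-large": (9500, 10000),
    "staging": (900, 1000),
    "sandbox-small": (10, 50),
}


def compliance(successes, total):
    """(successful checks / total checks) * 100; 0.0 when there are no checks."""
    return 100.0 * successes / total if total else 0.0


def averaged_compliance(accounts):
    """Previous approach: average of the per-account compliance percentages.
    Assumption: accounts with no checks are left out of the average."""
    scores = [compliance(s, t) for s, t in accounts.values() if t]
    return mean(scores) if scores else 0.0


def unweighted_compliance(accounts):
    """Updated approach: pool all checks across accounts, then apply the formula."""
    successes = sum(s for s, _ in accounts.values())
    total = sum(t for _, t in accounts.values())
    return compliance(successes, total)


def accounts_by_compliance(accounts):
    """Per-account scores, lowest first, so a small failing account stays visible."""
    scores = [(name, compliance(s, t)) for name, (s, t) in accounts.items()]
    return sorted(scores, key=lambda item: item[1])


if __name__ == "__main__":
    print(f"averaged across accounts: {averaged_compliance(SAMPLE_ACCOUNTS):.2f}%")
    print(f"unweighted (pooled):      {unweighted_compliance(SAMPLE_ACCOUNTS):.2f}%")
    for name, score in accounts_by_compliance(SAMPLE_ACCOUNTS):
        print(f"  {name:<14} {score:6.2f}%")
```

With the pooled formula, a small account with a low pass rate barely moves the overall number, so the per-account breakdown is still worth reviewing alongside the chart.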
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current
custom policy version is 1.35. Click here to access the current custom policy.
New Rules
GCP
- CloudVPC-004: Default VPC Network In Use: This rule ensures that the default VPC network is not being used within your GCP projects.
- CloudVPC-005: Check for Legacy Networks: This rule ensures that legacy networks are not being used anymore within your GCP projects.
- CloudIAM-005: Enable Multi-Factor Authentication for User Accounts: This rule ensures that Multi-Factor Authentication (also known as 2-Step Verification or 2SV) is enabled for all user accounts in order to help protect the access to your Google Cloud Platform (GCP) resources, applications and data.
- CloudIAM-006: Enable Security Key Enforcement for Admin Accounts: This rule ensures that security key enforcement is enabled for all Google Cloud Platform (GCP) organization administrator accounts.
- CloudSQL-016: Configure Root Password for MySQL Database Access: This rule ensures that Google Cloud MySQL database instances do not allow anyone to connect with administrative privileges without a root password.
Rules Updates
- EC2-034: Unrestricted Security Group Ingress on Uncommon Ports: We’ve made the following updates:
  - Changed the rule’s name from ‘Unrestricted Security Group Ingress’ to ‘Unrestricted Security Group Ingress on Uncommon Port’
  - Added a configuration to enable users to allowlist AWS Security Groups by name with Regex.
Rules Bug Fixes
- RDS-034: Backtrack: Fixed a bug for the rule where checks for Aurora RDS instances were not being generated.
- VPC-016: VPC Endpoints in Use: Fixed a bug where the rule returned false positives for VPCs shared from another account.
- VPC-010: Unrestricted Network ACL Outbound Traffic and VPC-011: Unrestricted Network ACL Inbound Traffic: The rules have been updated to:
  - Include a list of the number of compliant/non-compliant rules in the check message
  - Restrict the ICMP protocol from contributing to the ‘FAILURE’ status checks
- IAM-13: MFA for IAM Users with Console Password: Fixed a bug where a stale check still existed after the IAM User Login Profile had been removed.