Views:
January 12, 2023, Conformity—The following updates are now available with Conformity's latest release on 12 January 2023.
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.39. Click here to access the current custom policy.
New Rules
Azure
  • Monitor-010: Enable Subscription Activity Log Diagnostic Settings: This rule ensures that Azure Monitor Activity Logs for your subscription are exported to an appropriate data store using diagnostic settings. This rule also replaces the rule: `Monitor-001 - Azure Activity Log Profile in Use` which will be deprecated soon.
  • ActivityLog-028: Create Alert for `Create or Update Public IP Address` Events: This rule ensures that activity log alerts are created for the `Create or Update Public IP Address` events.
GCP
  • ResourceManager-003: Enforce Uniform Bucket-Level Access: This rule ensures that `Enforce Uniform bucket-level access organization` policy is enabled at the Google Cloud Platform (GCP) organization level, and that the project inherits the parent's policy.
  • ResourceManager-002: Disable Automatic IAM Role Grants for Default Service Accounts: This rule ensures that `Disable Automatic IAM Grants for Default Service Accounts` policy is enforced.
  • Dataproc-001: Enable Dataproc Cluster Encryption with Customer-Managed Keys: This rule ensures that your Dataproc Clusters on Compute Engine are encrypted using Customer-Managed Keys (CMKs).
Platform Updates
  • We've now empowered the Conformity Bot with the following 10 additional regions to support GCP:
  • eur4
  • eur6
  • nam4
  • nam7
  • nam8
  • nam10
  • nam11
  • nam12
  • nam13
  • nam-eur-asia1
  • We've also improved our PDF report engine to generate reports with up to 5,000 checks.
Bug Fixes
  • Fixed a bug where checks for CloudStorage Buckets resources returned incorrect region value i.e. `global` for a region with hosted resources.
  • Fixed a bug where the Deprecated Rules were being enabled on clicking the 'Reset to Default' button.