January 12, 2023, Conformity—The following updates are now available with Conformity's
latest release on 12 January 2023.
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current
custom policy version is 1.39. Click here to access the current custom policy.
New Rules
Azure
- Monitor-010: Enable Subscription Activity Log Diagnostic Settings: This rule ensures that Azure Monitor Activity Logs for your subscription are exported to an appropriate data store using diagnostic settings. It also replaces the rule `Monitor-001 - Azure Activity Log Profile in Use`, which will be deprecated soon.
- ActivityLog-028: Create Alert for `Create or Update Public IP Address` Events: This rule ensures that activity log alerts are created for the `Create or Update Public IP Address` events.
GCP
- ResourceManager-003: Enforce Uniform Bucket-Level Access: This rule ensures that the `Enforce Uniform bucket-level access` organization policy is enabled at the Google Cloud Platform (GCP) organization level, and that the project inherits the parent's policy.
- ResourceManager-002: Disable Automatic IAM Role Grants for Default Service Accounts: This rule ensures that the `Disable Automatic IAM Grants for Default Service Accounts` policy is enforced.
- Dataproc-001: Enable Dataproc Cluster Encryption with Customer-Managed Keys: This rule ensures that your Dataproc Clusters on Compute Engine are encrypted using Customer-Managed Keys (CMKs).
Platform Updates
- We've now empowered the Conformity Bot with the following 10 additional regions to support GCP:
  - eur4
  - eur6
  - nam4
  - nam7
  - nam8
  - nam10
  - nam11
  - nam12
  - nam13
  - nam-eur-asia1
- We've also improved our PDF report engine to generate reports with up to 5,000 checks.
Bug Fixes
- Fixed a bug where checks for CloudStorage Buckets resources returned an incorrect region value, i.e. `global`, for a region with hosted resources.
- Fixed a bug where deprecated rules were enabled when the 'Reset to Default' button was clicked.