September 28, 2022, Conformity—The following features and updates are now available with Conformity's latest release on 28 September 2022.
  • Updated the following Compliance Standards and Reports to include the newly released rules:
      • Azure Well-Architected Framework
      • AWS Well-Architected Framework
      • NIS Europe OES-2019
Bug Fixes
  • Fixed a bug where the Lambda rules displayed only 50 checks per region.
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.38. Click here to access the current custom policy.
New Rules
GCP
  • GKE-001: Enable GKE Cluster Node Encryption with Customer-Managed Keys: This rule ensures that boot disk encryption with Customer-Managed Keys is enabled for GKE cluster nodes.
  • BigQuery-003: Enable BigQuery Dataset Encryption with Customer-Managed Encryption Keys: This rule ensures that all your Google Cloud BigQuery datasets are encrypted using Customer-Managed Encryption Keys (CMEKs).
  • CloudSQL-027: Enable 'cloudsql.enable_pgaudit' and 'pgaudit.log' Flags for PostgreSQL Database Instances: This rule ensures that `cloudsql.enable_pgaudit` and `pgaudit.log` flags are enabled for Google Cloud PostgreSQL server instances.
  • CloudSQL-028: Disable '3625' Trace Flag for SQL Server Database Instances: This rule ensures that the `3625` trace flag for SQL database servers is set to `off`.
  • CloudIAM-012: Enable Access Approval: This rule ensures that `Access Approval` is enabled for your Google Cloud account.
  • CloudAPI-004: Enable Cloud Asset Inventory: This rule ensures that `Google Cloud Asset Inventory` is enabled for your GCP projects.
Azure
  • PostgreSQL-012: Enable Infrastructure Double Encryption: This rule ensures that infrastructure double encryption is enabled for all Azure PostgreSQL database servers.
  • PostgreSQL-013: "log_checkpoints" Parameter for PostgreSQL Flexible Servers: This rule ensures that the `log_checkpoints` parameter for your Microsoft Azure PostgreSQL flexible database servers is set to `ON`.
Rule Bug Fix
  • ELB-007: ELB Security Group: Fixed a bug where the rule did not generate checks for some regions with access permissions to Conformity.