September 28, 2022, Conformity—The following features and updates are now available
with Conformity's latest release on 28 September 2022.
- Updated the following Compliance Standards and Reports to include the newly released rules:
  - Azure Well-Architected Framework
  - AWS Well-Architected Framework
  - NIS Europe OES-2019
Bug Fixes
- Fixed a bug where the Lambda rules displayed only 50 checks per region.
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current
custom policy version is 1.38.
New Rule
GCP
- GKE-001: Enable GKE Cluster Node Encryption with Customer-Managed Keys: This rule ensures that boot disk encryption with Customer-Managed Keys is enabled for GKE cluster nodes.
- BigQuery-003: Enable BigQuery Dataset Encryption with Customer-Managed Encryption Keys: This rule ensures that all your Google Cloud BigQuery datasets are encrypted using Customer-Managed Encryption Keys (CMEKs).
- CloudSQL-027: Enable 'cloudsql.enable_pgaudit' and 'pgaudit.log' Flags for PostgreSQL Database Instances: This rule ensures that `cloudsql.enable_pgaudit` and `pgaudit.log` flags are enabled for Google Cloud PostgreSQL server instances.
- CloudSQL-028: Disable '3625' Trace Flag for SQL Server Database Instances: This rule ensures that the `3625` trace flag for SQL database servers is set to `off`.
- CloudIAM-012: Enable Access Approval: This rule ensures that `Access Approval` is enabled for your Google Cloud account.
- CloudAPI-004: Enable Cloud Asset Inventory: This rule ensures that `Google Cloud Asset Inventory` is enabled for your GCP projects.
Azure
- PostgreSQL-012: Enable Infrastructure Double Encryption: This rule ensures that infrastructure double encryption is enabled for all Azure PostgreSQL database servers.
- PostgreSQL-013: 'log_checkpoints' Parameter for PostgreSQL Flexible Servers: This rule ensures that the `log_checkpoints` parameter for your Microsoft Azure PostgreSQL flexible database servers is set to `ON`.
Rule Bug Fix
- ELB-007: ELB Security Group: Fixed a bug where the rule did not generate checks for some regions with access permissions to Conformity.