September 07, 2021, Conformity—The following features and updates were released to Conformity on 7th September 2021.
Standards and Frameworks
Conformity now supports NIS Europe (OES-2019) and FISC Security Compliance (V9).
Communication Channels Update
  • ServiceNow: Updated the ServiceNow communication channel to include ‘cloud provider Id’ and ‘cloud provider’ in the description.
  • Jira: Disabled the ‘Test settings’ and ‘Save’ buttons for the Jira communication channel when the configuration is invalid. This ensures that a valid configuration is selected and a successful test is run before saving.
Bug Fixes
  • Fixed a bug where PDF Reports with 0 checks displayed a blank white page.
  • Fixed a bug where a default email communication channel was not set up when an account was added on Cloud One Conformity.
  • Fixed a bug where no error message was displayed for the ‘Create/Update’ Communication settings API endpoints when more than 2 statuses were passed in the request.
  • Fixed a bug where usage of a wildcard (* or ?) in the first few characters of the filtername field for the Events API was returning an error message.
  • Fixed a bug where the "Welcome to Trend Micro Cloud One" welcome email was being sent up to three times upon email verification.
  • Fixed a bug where the user could not see the option to add an Azure account on the Subscription page if they only had AWS accounts configured.
  • Fixed a bug to generate accurate checks for Lambda-007 Rule in the Template scanner results.
  • Fixed a bug where the number of active communication channels with manual notifications turned 'ON' was not being reflected immediately.
  • Fixed a bug to remove ‘Organisational Profile’ as an option in the Template Scanner dropdown for ‘Profile rule settings’, because the organisational profile is already checked against by default.
  • Fixed a bug to prevent users from configuring exceptions using the following APIs for Rules that do not support exceptions:
      • https://eu-west-1-api.cloudconformity.com/v1/accounts/{id}/settings/rules/{ruleId}
      • https://eu-west-1-api.cloudconformity.com/v1/accounts/{id}/settings/rules
      • https://eu-west-1-api.cloudconformity.com/v1/profiles
      • https://eu-west-1-api.cloudconformity.com/v1/profiles/{id}
Custom Policy Updates
New Rule
AWS
  • IAM-068: Unapproved IAM Policy in Use: This rule checks if there are any unapproved IAM-managed policies in use.
Rule Update
Optimized rule configurations to prevent the following rules from generating false positive checks due to API throttling:
  • ELB-005: ELB Insecure SSL Protocol
  • ELB-006: ELB Insecure SSL Ciphers
  • IAM-001: Access Keys Rotated 30 Days
  • IAM-002: Access Keys Rotated 45 Days
  • IAM-004: Unnecessary Access Keys
  • IAM-007: Password Policy Lowercase
  • IAM-008: Password Policy Uppercase
  • IAM-009: Password Policy Number
  • IAM-010: Password Policy Symbol
  • IAM-011: Password Policy Expiration
  • IAM-012: Password Policy Reuse Prevention
  • IAM-013: MFA For IAM Users With Console Password
  • IAM-016: IAM User Policies
  • IAM-024: IAM User With Password And Access Keys
  • IAM-025: Unnecessary SSH Public Keys
  • IAM-026: SSH Public Keys Rotated 30 Days
  • IAM-027: SSH Public Keys Rotated 45 Days
  • IAM-028: Inactive IAM Console User
  • IAM-029: Unused IAM User
  • IAM-038: Access Keys Rotated 90 Days
  • IAM-044: SSH Public Keys Rotated 90 Days
Rule Bug Fixes
  • EC2-027: Instance In Auto Scaling Group: Fixed a bug where false positives were generated by RTM for EC2 Instances created by Auto Scaling Group in between the bot runs.
  • CS-001: AWS Custom Rule: Improved the rule to minimize the likelihood of missing checks due to throttling of AWS Config rules.
  • CC-003: Conformity Insufficient Access Permissions: Fixed a bug that occasionally had a minor impact on the reliability of some of the IAM rules supported by RTM and Conformity Bot.