September 07, 2021, Conformity—The following features and updates were released to
Conformity on 7th September 2021.
Standards and Frameworks
Conformity now supports NIS Europe (OES-2019) and FISC Security Compliance (V9).
Communication Channels Update
- ServiceNow: Updated the ServiceNow communication channel to include ‘cloud provider Id’ and ‘cloud provider’ in the description.
- Jira: Disabled the ‘Test settings’ and the ‘Save’ buttons for the Jira communication channel when the configuration is invalid. This ensures that a valid configuration is selected and a successful test is run before saving.
Bug Fixes
- Fixed a bug where PDF Reports with 0 checks displayed a blank white page.
- Fixed a bug where a default email communication channel was not set up when an account was added on Cloud One Conformity.
- Fixed a bug where no error message was displayed for ‘Create/Update’ Communication settings API endpoints when more than 2 statuses were passed in the request.
- Fixed a bug where using a wildcard (* or ?) in the first few characters of the filter[name] field for the Events API returned an error message.
- Fixed a bug where the "Welcome to Trend Micro Cloud One" welcome email was being sent up to three times upon email verification.
- Fixed a bug where the user could not see the option to add an Azure account on the Subscription page if they only had AWS accounts configured.
- Fixed a bug to generate accurate checks for Lambda-007 Rule in the Template scanner results.
- Fixed a bug where the number of active communication channels with manual notifications turned 'ON' was not being reflected immediately.
- Fixed a bug to remove ‘Organisational Profile’ as an option in the Template Scanner dropdown for ‘Profile rule settings’ because the organisational profile is already checked against by default.
- Fixed a bug to prevent users from configuring exceptions using the following APIs for Rules that do not support exceptions:
  - https://eu-west-1-api.cloudconformity.com/v1/accounts/{id}/settings/rules/{ruleId}
  - https://eu-west-1-api.cloudconformity.com/v1/accounts/{id}/settings/rules
  - https://eu-west-1-api.cloudconformity.com/v1/profiles
  - https://eu-west-1-api.cloudconformity.com/v1/profiles/{id}
Custom Policy Updates
- There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.32.
New Rule
AWS
- IAM-068: Unapproved IAM Policy in Use: This rule checks if there are any unapproved IAM-managed policies in use.
Rule Update
Optimized rule configurations to prevent the following rules from generating false
positive checks due to API throttling:
- ELB-005: ELB Insecure SSL Protocol
- ELB-006: ELB Insecure SSL Ciphers
- IAM-001: Access Keys Rotated 30 Days
- IAM-002: Access Keys Rotated 45 Days
- IAM-004: Unnecessary Access Keys
- IAM-007: Password Policy Lowercase
- IAM-008: Password Policy Uppercase
- IAM-009: Password Policy Number
- IAM-010: Password Policy Symbol
- IAM-011: Password Policy Expiration
- IAM-012: Password Policy Reuse Prevention
- IAM-013: MFA For IAM Users With Console Password
- IAM-016: IAM User Policies
- IAM-024: IAM User With Password And Access Keys
- IAM-025: Unnecessary SSH Public Keys
- IAM-026: SSH Public Keys Rotated 30 Days
- IAM-027: SSH Public Keys Rotated 45 Days
- IAM-028: Inactive IAM Console User
- IAM-029: Unused IAM User
- IAM-038: Access Keys Rotated 90 Days
- IAM-044: SSH Public Keys Rotated 90 Days
Rule Bug Fixes
- EC2-027: Instance In Auto Scaling Group: Fixed a bug where false positives were generated by RTM for EC2 Instances created by Auto Scaling Group in between the bot runs.
- CS-001: AWS Custom Rule: Improved the rule to minimize the likelihood of missing checks due to throttling of AWS Config rules.
- CC-003: Conformity Insufficient Access Permissions: Fixed a bug that occasionally had a minor impact on the reliability of some of the IAM rules supported by RTM and Conformity Bot.