January 22, 2022, Conformity—The following features and updates are now available
with Conformity's latest release on 27 January 2022.
- Conformity now supports CIS Benchmarks for AWS Foundations 1.4 Standard and Framework report.
- Added a new property to ‘GET /v1/azure/active-directories/{id}/subscriptions’ to indicate whether or not a subscription has been onboarded onto Conformity.
- Enhanced Rule Settings > Configure Rule on account level to exclude matched resources between the Conformity Bot runs.
Bug Fixes
- Fixed an issue where a longer account name displayed a broken HTML tag on the RTM dashboard.
- Fixed incorrect sample requests for the 'Update Rule Setting' and the 'Update Rule Settings' APIs.
- Fixed an issue where reports generated in "Improve compliance across your organisation" were not saved in the ‘Other Reports - History’ section.
Custom Policy Updates
- There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.35.
New Rules
GCP
- ComputeEngine-005: Enable "Shielded VM" Security Feature: This rule ensures that the ‘Shielded VM’ feature is enabled for your virtual machine (VM) instances.
- ComputeEngine-006: Check for Instances Associated with Default Service Accounts: This rule ensures that your VM instances are not associated with the default GCP service account.
- ComputeEngine-008: Check for Instance-Associated Service Accounts with Full API Access: This rule ensures that VM instances are not associated with default service accounts that allow full access to all Google Cloud APIs.
- CloudIAM-003: Check for IAM Members with Service Roles at the Project Level: This rule ensures that the Service Account User and Service Account Token Creator roles are assigned to a user for a specific GCP service account rather than to a user at the GCP project level.
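
The three ComputeEngine rules above, written as an offline check over instance metadata. This is an added example, not Conformity's own rule logic. It assumes input shaped like the Compute Engine API instance resource and that "enabled" for Shielded VM means vTPM and integrity monitoring are both on; the function names and sample instances are hypothetical.

```python
import re

# Assumption: each instance is a dict shaped like the Compute Engine API
# instance resource (e.g. `gcloud compute instances describe --format=json`).
DEFAULT_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
FULL_ACCESS_SCOPE = "https://www.googleapis.com/auth/cloud-platform"


def audit_instance(inst):
    """Return the sorted rule IDs (from the list above) that this instance fails."""
    failed = set()
    shielded = inst.get("shieldedInstanceConfig") or {}
    # Assumption: "enabled" means vTPM and integrity monitoring are both on.
    if not (shielded.get("enableVtpm") and shielded.get("enableIntegrityMonitoring")):
        failed.add("ComputeEngine-005")
    for sa in inst.get("serviceAccounts") or []:
        if DEFAULT_SA.match(sa.get("email", "")):
            failed.add("ComputeEngine-006")  # default service account attached
            if FULL_ACCESS_SCOPE in (sa.get("scopes") or []):
                failed.add("ComputeEngine-008")  # ...with full API access
    return sorted(failed)


def audit_all(instances):
    """Map instance name -> failed rule IDs."""
    return {inst["name"]: audit_instance(inst) for inst in instances}


SHIELDED = {"enableVtpm": True, "enableIntegrityMonitoring": True}
# Constructed sample data, not real resources.
SAMPLE_INSTANCES = [
    {"name": "legacy-vm",
     "serviceAccounts": [{"email": "123456789012-compute@developer.gserviceaccount.com",
                          "scopes": [FULL_ACCESS_SCOPE]}]},
    {"name": "batch-vm", "shieldedInstanceConfig": SHIELDED,
     "serviceAccounts": [{"email": "123456789012-compute@developer.gserviceaccount.com",
                          "scopes": ["https://www.googleapis.com/auth/devstorage.read_only"]}]},
    {"name": "api-vm", "shieldedInstanceConfig": SHIELDED,
     "serviceAccounts": [{"email": "api-runner@example-project.iam.gserviceaccount.com",
                          "scopes": [FULL_ACCESS_SCOPE]}]},
]

if __name__ == "__main__":
    for name, failed in audit_all(SAMPLE_INSTANCES).items():
        print(name, ", ".join(failed) or "no findings")
```
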
Bug Fix
- S3-025: S3 Buckets Encrypted with Customer-Provided CMKs: Fixed a bug where the disabled rule was generating checks.