December 10, 2021, Conformity—The following features and updates were released to
Conformity on 10th November 2021.
- Conformity now supports the LGPD (Brazil) Compliance and Conformity AWS Standard and Framework report.
- You can also add a description to all of your Configured Reports.
Bug Fixes
- Fixed a bug where Conformity displayed a blank screen when onboarding a GCP project without correct permissions.
- Fixed a bug where the Reports API endpoint returned an error on using the curl -L command.
- Fixed a bug to hide admin links in the communication channel recipient configuration screen for non admin users.
Custom Policy Updates
- There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.34. Click here to access the latest custom policy.
New Rules
GCP
- CloudSQL-005: Disable 'Cross DB Ownership Chaining' Flag for SQL Server Database Instances: This rule ensures that SQL Server database instances have 'cross db ownership chaining' flag set to Off.
- CloudSQL-006: Disable 'Contained Database Authentication' Flag for SQL Server Database Instances: This rule ensures that SQL Server database instances have 'contained database authentication' flag set to Off.
- CloudSQL-007: Disable "log_min_duration_statement" Flag for PostgreSQL Database Instances:This rule ensures that PostgreSQL database instances have "log_min_duration_statement" flag set to -1 (Off).
- CloudKMS-002: New Rule: Rotate Google Cloud KMS Keys: This rule ensures that all KMS cryptographic keys available within your Google Cloud account are regularly rotated.
- CloudIAM-002: Enforce Separation of Duties for Service-Account Related Roles:This rule ensures that separation of duties is implemented for all Google Cloud service account roles.
Azure
- AccessControl-002: Resource Locking Administrator Role: This rule ensures that there is a custom IAM role assigned to manage resource locking within each Microsoft Azure subscription.
Rule Updates
- Inspector-001: Amazon Inspector Findings: This rule now returns EC2 instance tags and finding attributes (tags) related to the finding as part of the check tags data. EC2 instance tags and inspector finding attributes can be disabled or enabled within the rule configuration. Both of these are enabled by default.
- Advisor-001: Check for Azure Advisor Recommendations: This rule now displays checks under the relevant categories when trying to filter, report or calculate scores for each pillar instead of appearing under all 5 categories.