December 9, 2025, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 6 December 2025.
Updated Compliance CIS Foundations Benchmark 4.0
- We've updated our compliance standards to meet the Center of Internet Security (CIS) Foundations Benchmarks for Oracle Cloud Infrastructure. You can now filter Checks and download Compliance Reports to ensure your cloud environment complies with the latest CIS Foundations Benchmarks.
Deprecation Notice
- Trend Cound One - Conformity has deprecated the CIS Azure Foundations Benchmark v2.1.0 for removal on 08 February 2026. It will no longer be accessible in the filters, preventing the creation of new reports or report configurations with this outdated benchmark. If any existing report configurations include deprecated compliance standards, it will not be possible to generate new PDF/CSV reports. However, the list of previously generated PDF/CSV reports remains available. We recommend updating your report configurations to use the latest versions of CIS Azure Foundations Benchmark before February 8, 2026.
Updated Rules
AWS
- ES-007: OpenSearch Version: This rule ensures that the OpenSearch version is upgraded to 3.3.
- Lambda-001: Lambda Using Latest Runtime Environment: This rule ensures that the latest Lambda runtime environments (nodejs24.x, python 3.14, Java 25, Ruby 3.4) have been added.
- Lambda-012: Lambda Using Supported Runtime Environment: This rule ensures that the latest Lambda runtime environments (nodejs24.x, python 3.14, Java 25, Ruby 3.4) have been added.
New Rule
- OCI
- OCI-Compute-008: Check for Public IP Address Exposure: This rule ensures that Oracle Cloud Infrastructure (OCI) compute instances are not configured with public IP addresses.
- OCI-FileStorage-008: Enable File System Active Replication: This rule ensures that active replication is enabled for your production Oracle Cloud Infrastructure (OCI) File Storage systems in order to facilitate ongoing automatic asynchronous replication across regions.
- OCI-KMS-006: Unused KMS Customer-Managed Keys (CMKs): This rule ensures that excessive unused Customer-Managed Keys (CMKs) are identified and deleted to help lower the cost of your monthly OCI bill.
- OCI-KMS-005: Virtual Private Vaults: This rule ensures that Oracle (OCI) KMS Vaults are provisioned on an isolated partition of the Hardware Security Module (HSM).
- OCI-FileStorage-006: Check for Cost Allocation Tags: This rule ensures that Oracle File Storage systems have cost allocation tags for accurate cost allocation and budget tracking.
- OCI-FileStorage-005: Enable Quota Enforcement: This rule ensures that Oracle File Storage quota enforcement is enabled for cost control.