March 9, 2026, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 6 March 2026.

New Rules
GCP
  • Spanner-001: Enable Customer-Managed Encryption Keys (CMEK) for Cloud Spanner Databases: This rule ensures that your Google Cloud Spanner databases are encrypted with customer-managed encryption keys (CMEK) instead of Google-managed encryption keys.
OCI
  • OCI-FileStorage-011: Check Lustre File Systems for Cost Allocation Tags: This rule ensures that OCI Lustre file systems have cost allocation tags for accurate cost allocation and budget tracking.
  • OCI-Compute-012: Use Network Security Groups to Control Traffic to Compute Instances: This rule ensures that your OCI compute instances are using NSGs for traffic control.
  • OCI-FileStorage-012: Use Network Security Groups to Control Traffic to Lustre File Systems: This rule ensures that your Lustre file systems are using Network Security Groups (NSGs) for traffic control.
  • OCI-Functions-001: Attach Function Applications to Network Security Groups (NSGs): This rule ensures that Oracle Cloud Infrastructure (OCI) Functions applications are attached to Network Security Groups (NSGs) to implement granular ingress and egress network access controls.
Azure
  • Network-032: Enable HTTP/2 Support for Application Gateways: This rule ensures that HTTP/2 support is enabled for Azure Application Gateways.
  • Monitor-012: Ensure that a Diagnostic Setting Exists for Subscription Activity Logs: This rule ensures that diagnostic settings exist for exporting activity logs from Azure subscriptions.
  • Network-033: Check for Minimum TLS Version: This rule ensures that Application Gateways use the latest supported TLS protocol versions for client connections to enhance security.
  • AKS-013: Disable Public FQDN for Private AKS Clusters: This rule ensures that your private AKS clusters are not configured with a public FQDN.
Updated Rules
Azure
  • StorageAccounts-033: Check for SMB Channel Encryption Type: This rule ensures that your Microsoft Azure File Shares are configured with the "AES-256-GCM" SMB channel encryption algorithm to provide strong protection against eavesdropping and Man-In-The-Middle (MITM) attacks, safeguarding sensitive information.
GCP
  • GKE-001: Enable GKE Cluster Node Encryption with Customer-Managed Encryption Keys: This rule ensures that boot disk encryption with Customer-Managed Keys is enabled for GKE cluster nodes.
  • GKE-002: Enable Encryption for Application-Layer Secrets for GKE Clusters: This rule ensures that encryption of Kubernetes secrets using Customer-Managed Keys is enabled for GKE clusters.