December 11, 2024, Conformity—Rules Update
AWS
  • EC2-011: vCPU-Based EC2 Instance Limit: Updated the rule title from 'Account Instance Limit' to 'vCPU-Based EC2 Instance Limit'.
  • S3-019: S3 Buckets with Website Hosting Configuration Enabled: Updated the rule title from 'S3 Buckets with Website Configuration Enabled' to 'S3 Buckets with Website Hosting Configuration Enabled'.
  • S3-028: Enable S3 Bucket Keys: Updated the rule title from 'Enable Amazon S3 Bucket Keys' to 'Enable S3 Bucket Keys'.
  • RDS-036: Amazon RDS Configuration Changes: Updated the rule title from 'RDS Configuration Changes' to 'Amazon RDS Configuration Changes'.
  • RDS-041: Enable Instance Storage AutoScaling: Updated the rule title from 'Enable Amazon RDS Storage AutoScaling' to 'Enable Instance Storage AutoScaling'.
  • IAM-013: Enable MFA for IAM Users with Console Password: Updated the rule title from 'MFA For IAM Users With Console Password' to 'Enable MFA for IAM Users with Console Password'.
  • IAM-023: Check for Individual IAM Users: Updated the rule title from 'IAM User Present' to 'Check for Individual IAM Users'.
  • IAM-036: IAM Users with Administrative Privileges: Updated the rule title from 'AWS IAM Users with Admin Privileges' to 'IAM Users with Administrative Privileges'.
  • IAM-046: IAM Support Role: Updated the rule title from 'Support Role' to 'IAM Support Role'.
  • IAM-056: IAM CreateLoginProfile detected: Updated the rule title from 'CreateLoginProfile Detected' to 'IAM CreateLoginProfile detected'.
  • IAM-066: IAM Groups with Administrative Privileges: Updated the rule title from 'AWS IAM Groups with Admin Privileges' to 'IAM Groups with Administrative Privileges'.
  • KMS-007: Monitor AWS KMS Configuration Changes: Updated the rule title from 'AWS Key Management Service (KMS) Configuration Changes' to 'Monitor AWS KMS Configuration Changes'.
  • CFM-004: CloudFormation Stack Failed Status: Updated the rule title from 'Stack Failed Status' to 'CloudFormation Stack Failed Status'.
  • ES-008: Total Number of OpenSearch Cluster Nodes: Updated the rule title from 'OpenSearch Instance Counts' to 'Total Number of OpenSearch Cluster Nodes'.
  • ES-009: OpenSearch Desired Instance Type(s): Updated the rule title from 'OpenSearch Desired Instance Type' to 'OpenSearch Desired Instance Type(s)'.
  • ES-013: OpenSearch Domains Encrypted with KMS CMKs: Updated the rule title from 'OpenSearch Domain Encrypted with KMS CMKs' to 'OpenSearch Domains Encrypted with KMS CMKs'.
  • SageMaker-002: Notebook Data Encrypted With KMS Customer Managed Keys: Updated the rule title from 'Notebook Data Encrypted With KMS Customer Master Keys' to 'Notebook Data Encrypted With KMS Customer Managed Keys'.
  • SageMaker-004: Disable Direct Internet Access for Notebook Instances: Updated the rule title from 'Notebook Direct Internet Access' to 'Disable Direct Internet Access for Notebook Instances'.
  • SageMaker-007: Disable Root Access for SageMaker Notebook Instances: Updated the rule title from 'SageMaker Notebook Root Access' to 'Disable Root Access for SageMaker Notebook Instances'.
  • Neptune-005: IAM Database Authentication for Neptune: Updated the rule title from 'IAM Database Authentication' to 'IAM Database Authentication for Neptune'.
  • ECR-003: Enable Automated Scanning for Amazon ECR Container Images: Updated the rule title from 'Enable Scan on Push for ECR Container Images' to 'Enable Automated Scanning for Amazon ECR Container Images'.
  • Backup-001: Use AWS Backup Service in Use for Amazon RDS: Updated the rule title from 'Snapshot Backup Service' to 'Use AWS Backup Service in Use for Amazon RDS'.
  • StorageGateway-001: Use KMS Customer Master Keys for AWS Storage Gateway File Shares: Updated the rule title from 'File Shares Encrypted With CMK' to 'Use KMS Customer Master Keys for AWS Storage Gateway File Shares'.
  • ECS-001: Monitor Amazon ECS Configuration Changes: Updated the rule title from 'ECS Configuration Changes' to 'Monitor Amazon ECS Configuration Changes'.
  • ECS-002: Amazon ECS Task Log Driver in Use: Updated the rule title from 'ECS Task Log Driver In Use' to 'Amazon ECS Task Log Driver in Use'.
  • WellArchitected-001: AWS Well-Architected Tool in Use: Updated the rule title from 'AWS Well-Architected Tool Is In Use' to 'AWS Well-Architected Tool in Use'.
  • Bedrock-007: Configure Sensitive Information Filters for Amazon Bedrock Guardrails: Updated the rule title from 'Guardrail set to mask or block PII' to 'Configure Sensitive Information Filters for Amazon Bedrock Guardrails'.
Azure
  • StorageAccounts-001: Enable Secure Transfer in Azure Storage: Updated the rule title from 'Secure Transfer for Azure storage account' to 'Enable Secure Transfer in Azure Storage'.
  • StorageAccounts-003: Enable Logging for Azure Storage Queue Service: Updated the rule title from 'Storage Logging For Queue Service' to 'Enable Logging for Azure Storage Queue Service'.
  • StorageAccounts-005: Allow Shared Access Signature Tokens Over HTTPS Only: Updated the rule title from 'Shared Access Signature Tokens Are Allowed Only Over Https' to 'Allow Shared Access Signature Tokens Over HTTPS Only'.
  • SecurityCenter-002: Enable Automatic Provisioning of the Monitoring Agent: Updated the rule title from 'Automatic Provisioning Of The Monitoring Agent' to 'Enable Automatic Provisioning of the Monitoring Agent'.
  • MySQL-001: Enable In-Transit Encryption for MySQL Servers: Updated the rule title from 'SSL Connection' to 'Enable In-Transit Encryption for MySQL Servers'.
  • PostgreSQL-001: Enable 'LOG_CHECKPOINTS' Parameter for PostgreSQL Servers: Updated the rule title from 'Log Checkpoints' to 'Enable 'LOG_CHECKPOINTS' Parameter for PostgreSQL Servers'.
  • PostgreSQL-002: Enable In-Transit Encryption for PostgreSQL Database Servers: Updated the rule title from 'SSL Connection' to 'Enable In-Transit Encryption for PostgreSQL Database Servers'.
  • PostgreSQL-003: Enable 'LOG_CONNECTIONS' Parameter for PostgreSQL Servers: Updated the rule title from 'Log Connections' to 'Enable 'LOG_CONNECTIONS' Parameter for PostgreSQL Servers'.
  • PostgreSQL-004: Enable 'LOG_DISCONNECTIONS' Parameter for PostgreSQL Servers: Updated the rule title from 'Log Disconnections' to 'Enable 'LOG_DISCONNECTIONS' Parameter for PostgreSQL Servers'.
  • PostgreSQL-005: Enable 'LOG_DURATION' Parameter for PostgreSQL Servers: Updated the rule title from 'Log Duration' to 'Enable 'LOG_DURATION' Parameter for PostgreSQL Servers'.
  • PostgreSQL-006: Enable 'CONNECTION_THROTTLING' Parameter for PostgreSQL Servers: Updated the rule title from 'Connection Throttling' to 'Enable 'CONNECTION_THROTTLING' Parameter for PostgreSQL Servers'.
  • PostgreSQL-007: Check for PostgreSQL Log Retention Period: Updated the rule title from 'Log Retention Days' to 'Check for PostgreSQL Log Retention Period'.
  • PostgreSQL-008: Use Microsoft Entra Admin for PostgreSQL Authentication: Updated the rule title from 'Microsoft Entra Admin' to 'Use Microsoft Entra Admin for PostgreSQL Authentication'.
  • Sql-001: Enable Auditing for SQL Servers: Updated the rule title from 'Auditing' to 'Enable Auditing for SQL Servers'.
  • Sql-002: Configure 'AuditActionGroup' for SQL Server Auditing: Updated the rule title from 'Audit Action Groups' to 'Configure 'AuditActionGroup' for SQL Server Auditing'.
  • Sql-003: SQL Auditing Retention: Updated the rule title from 'Auditing Retention' to 'SQL Auditing Retention'.
  • Sql-004: Use Microsoft Entra Admin for SQL Authentication: Updated the rule title from 'Microsoft Entra Admin' to 'Use Microsoft Entra Admin for SQL Authentication'.
  • Sql-007: Enable All Types of Threat Detection on SQL Servers: Updated the rule title from 'Enable All Threat Detection Types' to 'Enable All Types of Threat Detection on SQL Servers'.
  • Sql-009: Enable Classic Vulnerability Assessment Email Notifications for Admins and Subscription Owners: Updated the rule title from 'Enable Vulnerability Assessment Email Notifications for Admins and Subscription Owners' to 'Enable Classic Vulnerability Assessment Email Notifications for Admins and Subscription Owners'.
  • AppService-006: Enable HTTPS-Only Traffic: Updated the rule title from 'Check that the Azure App is only using HTTPS' to 'Enable HTTPS-Only Traffic'.
  • AppService-007: Check for TLS Protocol Latest Version: Updated the rule title from 'Check that the Azure App is using the latest TLS version' to 'Check for TLS Protocol Latest Version'.
  • Network-008: Check for Unrestricted MS SQL Server Access: Updated the rule title from 'Check for Unrestricted MS SQL Database Access' to 'Check for Unrestricted MS SQL Server Access'.
  • KeyVault-003: Set Azure Secret Key Expiration: Updated the rule title from 'Set Secret Key Expiration' to 'Set Azure Secret Key Expiration'.
  • APIManagement-009: Unrestricted API Access: Updated the rule title from 'Restrict Caller IPs' to 'Unrestricted API Access'.
GCP
  • CloudKMS-003: Detect Google Cloud KMS Configuration Changes: Updated the rule title from 'Detect GCP Cloud KMS Configuration Changes' to 'Detect Google Cloud KMS Configuration Changes'.
  • CloudSQL-027: Enable 'cloudsql.enable_pgaudit' and 'pgaudit.log' Flags for PostgreSQL Database Instances: Updated the rule title from 'Enable 'cloudsql.enable_pgaudit' Flag for PostgreSQL Database Instances' to 'Enable 'cloudsql.enable_pgaudit' and 'pgaudit.log' Flags for PostgreSQL Database Instances'.
  • CloudPubSub-001: Detect Google Cloud Pub/Sub Configuration Changes: Updated the rule title from 'Detect GCP Pub/Sub Configuration Changes' to 'Detect Google Cloud Pub/Sub Configuration Changes'.