Release 2023.04.27
Amazon Web Services (AWS)
- Rule update
  - Ensure KMS Customer-Managed Keys Are Not Publicly Accessible
    - Bug fixes and remediation update
Release 2023.04.20
Amazon Web Services (AWS)
- 4 new rules
  - Enable Continuous Backups for DynamoDB Tables
  - Ensure KMS Customer-Managed Keys Are Not Publicly Accessible
  - Enable IAM DB Authentication for RDS Databases
  - Enable Automated Backups and Set Appropriate Retention Period for RDS Databases
Huawei Cloud
- Rule update
  - Ensure That CMK Rotation Is Enabled
    - Rule logic update to exclude default and disabled Customer-managed keys
    - Reference link updated
  - Ensure CloudTrace Log File Integrity Validation Is Enabled for Management Tracker
    - Rule title update to indicate that this is for management trackers only
    - Rule logic update to exclude data tracker as it is not supported on Huawei Cloud
  - RDS Instance Delete Protection Not Enabled
    - Rule logic update to exclude "Prepaid" (Subscription) billing method as it is not supported on Huawei Cloud
  - Ensure ELB Certificate Has Not Expired
    - Bug fix due to Huawei API changes
Azure
- Rule update
  - Azure Load Balancer With No Backend Pool Instances Found
    - Rule logic update to accept backend pool without IP
Release 2023.04.14
Amazon Web Services (AWS)
- Rule update
  - SQS Server Side Encryption Not Enabled
    - Rule logic update to accept SSE-SQS as a server-side encryption method.
Release 2023.03.31
Huawei Cloud
- Rules update
  - Ensure That ELB Listeners Are Encrypted
    - Rule logic update to check for HTTP protocol or usage of port 80 taking into account that the network load balancer does not have HTTPS.
  - Ensure the CloudTrace Management Tracker Exports to Log Tank Service (LTS)
    - Updated remediation steps
Release 2023.03.17
Amazon Web Services (AWS)
- 4 new rules
  - Enable Encryption at Rest for Redshift Clusters
  - Ensure Redshift Clusters Are Not Publicly Accessible
  - Enable Automated Snapshots and Set Appropriate Retention Period for Redshift Clusters
  - Enable KMS Customer-Managed Keys for Redshift Clusters
Huawei Cloud
- 2 custom parameter-enabled rules
  - Ensure Access Keys Are Rotated Every 90 Days or Less
    - Configurable from 1 day to 365 days
  - Ensure IAM Password Policy Requires Uppercase Letters, Lowercase Letters, Digits and Special Characters
    - Configurable between 1 and 4 combinations
Release 2023.03.10
Alibaba Cloud
- 5 new rules
  - No Unused Elastic IP Addresses
  - Ensure that Access is Restricted from the Internet For MongoDB Service
  - Ensure that Access is Restricted from the Internet For Redis Service
  - Enable Release Protection for Redis Instance
  - Redis Instance Whitelist Settings Not Configured to 0.0.0.0/0