Changed
The policy query fix for lacework-global-306. Non-running compute instances were improperly being marked as non-compliant for having public access.
7th October 2024
· One min read
18th September 2024
· One min read
Changed
Resolved an issue where AWS root accounts were incorrectly flagged as non-compliant due to changes in the AWS IAM get-credential-report API. Query logic has been updated in the following policies:
15th July 2024
· One min read
Changed
The following policy's title and description have been updated to clarify that a violation occurs when an AWS Elastic Load Balancer is associated with a security group that allows unrestricted egress or ingress:
4th July 2024
· One min read
Changed
A query improvement has been made for the following policy, fixing an issue where AWS accounts with CloudTrail trails configured to use advanced event selectors were being flagged as non-compliant:
3rd July 2024
· One min read
Updated
The severity of the following policies has decreased from high to medium, to align with internal standards:
30th May 2024
· One min read
Updated
The AWS Foundational Security Best Practices (FSBP) Standard compliance benchmark has been updated with new policies that are of high severity.
The following policies are newly added and are automated:
Click to expand
- lacework-global-371
- lacework-global-372
- lacework-global-382
- lacework-global-383
- lacework-global-384
- lacework-global-385
- lacework-global-386
- lacework-global-387
- lacework-global-388
- lacework-global-389
- lacework-global-390
- lacework-global-391
- lacework-global-392
- lacework-global-393
- lacework-global-394
- lacework-global-804
- lacework-global-805
- lacework-global-806
- lacework-global-810
- lacework-global-811
- lacework-global-821
- lacework-global-822
- lacework-global-827
The following policies are newly added but are manual:
Click to expand
The following policies already exist and have been updated as part of this release
Click to expand
- lacework-global-50 - new reference added and severity increased from medium to high
- lacework-global-52 - new reference added
- lacework-global-53 - new reference added and severity increased from medium to high
- lacework-global-87 - new reference added
- lacework-global-128 - new reference added
- lacework-global-128 - new reference added and severity reduced from critical to high
21st May 2024
· One min read
Updated
A query improvement has been made for the following policies, which simplifies the logic and also updates the severity:
The severity for lacework-global-52 has been increased from medium to high, and for lacework-global-171 it has been decreased from critical to medium, to reflect recent reviews of some Lacework policies.
16th May 2024
· One min read
Updated
The CIS Google Kubernetes Engine (GKE) 1.4.0 Benchmark compliance benchmark has been updated with newly automated policies.
The following policies that were manual have now been automated:
Click to expand
- lacework-global-729
- lacework-global-730
- lacework-global-731
- lacework-global-732
- lacework-global-736
- lacework-global-739
- lacework-global-744
- lacework-global-745
- lacework-global-746
- Note: This policy was split into 2 policies, with the other associated policy being lacework-global-823.
- lacework-global-747
- Note: This policy was split into 2 policies, with the other associated policy being lacework-global-824.
- lacework-global-748
- Note: This policy was split into 2 policies, with the other associated policy being lacework-global-825.
- lacework-global-749
- Note: This policy was split into 2 policies, with the other associated policy being lacework-global-826.
- lacework-global-750
- lacework-global-751
- lacework-global-752
- lacework-global-753
- lacework-global-754
- lacework-global-755
- lacework-global-762
- lacework-global-767
- lacework-global-768
- lacework-global-773
- lacework-global-778
- lacework-global-783
- lacework-global-792
- lacework-global-802
13th May 2024
· One min read
Changed
Some changes have been made to the following policies to fix an issue whereby the region was being incorrectly reported, causing unexpected non-compliant assessment results.
The queries that support these policies now correctly report the primary region, rather than the paired region.
1st May 2024
· One min read
Added
The CIS Google Cloud 2.0.0 Benchmark compliance framework is now available.
The following policies are newly added as part of this update:
The remaining policies in the benchmark are re-used from the CIS Google Cloud 1.3.0 Benchmark.