Added
See Adjusted Controls - 6.6 Ensure that Network Watcher is 'Enabled' for details.
Changed
The content and titles of 25 compliance policies have been improved.
Note: Only the wording of the policies has been updated; the functionality of the underlying queries is not affected.
Compliance policies with old and new titles:
Policy ID | Old Title | New Title |
---|---|---|
lacework-global-44 | Ensure IAM Users Receive Permissions Only Through Groups | Ensure Identity and Access Management (IAM) Users Receive Permissions Only Through Groups |
lacework-global-49 | Ensure MFA Delete is enabled on S3 buckets | Enable Multi-Factor Authentication (MFA) Delete on S3 buckets |
lacework-global-55 | Ensure CloudTrail trails are integrated with CloudWatch Logs | Integrate CloudTrail trails with CloudWatch Logs |
lacework-global-87 | Ensure the default security group of every VPC restricts all traffic | Ensure the default security group of every Virtual Private Cloud (VPC) restricts all traffic |
lacework-global-90 | Ensure EBS Volumes are Encrypted | Encrypt Elastic Block Store (EBS) Volumes |
lacework-global-240 | Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps | Restrict API Keys To Use by Only Specified Hosts and Apps |
lacework-global-256 | Ensure Cloud Asset Inventory Is Enabled | Enable Cloud Asset Inventory |
lacework-global-277 | Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | Set the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance to 'On' |
lacework-global-285 | Ensure 'external scripts enabled' database flag for Cloud SQL on SQL Server instance is set to 'off' | Set 'external scripts enabled' database flag for Cloud SQL on SQL Server instance to 'off' |
lacework-global-313 | Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) | Encrypt All BigQuery Tables With Customer-Managed Encryption Key (CMEK) |
lacework-global-339 | Minimize the admission of containers wishing to share the host IPC namespace | Minimize the admission of containers wishing to share the host Inter-Process Communication (IPC) namespace |
lacework-global-358 | Ensure Kubernetes Secrets are encrypted using Customer Master Keys (CMKs) managed in AWS KMS | Encrypt Kubernetes Secrets using Customer Managed Keys (CMKs) managed in AWS Key Management Service (KMS) |
lacework-global-360 | Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled | Create clusters with Private Endpoint Enabled and Public Access Disabled |
lacework-global-534 | Ensure Private Endpoints are used to access Storage Accounts | Use Private Endpoints to access Storage Accounts |
lacework-global-543 | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Set 'Enforce SSL connection' to 'ENABLED' for PostgreSQL Database Server |
lacework-global-569 | Ensure that SSH access from the Internet is evaluated and restricted | Evaluate and restrict SSH access from the Internet |
lacework-global-622 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Set Microsoft Defender for SQL to 'On' for critical SQL Servers |
lacework-global-640 | Ensure that Private Endpoints are Used for Azure Key Vault | Use Private Endpoints for Azure Key Vault |
lacework-global-650 | Minimize the execution of container workloads sharing the host IPC namespace | Minimize the execution of container workloads sharing the host Inter-Process Communication (IPC) namespace |
lacework-global-652 | Minimize the execution of container workloads that can escalate their privileges above those of their parent process | Minimize the execution of container workloads that can escalate their privileges beyond those of their parent process |
lacework-global-670 | Ensure IAM administrators cannot update tenancy Administrators group | Ensure Identity and Access Management (IAM) administrators cannot update tenancy Administrators group |
lacework-global-686 | Ensure the default security list of every VCN restricts all traffic except ICMP | Ensure the default security list of every Virtual Cloud Network (VCN) restricts all traffic except Internet Control Message Protocol (ICMP) |
lacework-global-691 | Ensure default tags are used on resources | Use default tags on resources |
lacework-global-708 | Ensure Object Storage Buckets are encrypted with a Customer Managed Key (CMK) | Encrypt Object Storage Buckets with a Customer Managed Key (CMK) |
lacework-global-710 | Ensure Block Volumes are encrypted with Customer Managed Keys (CMK) | Encrypt Block Volumes with Customer Managed Keys (CMK) |