The Stax Terraform Provider, which was previously in developer preview status, has been deprecated. No further development will occur, and the module remains unsupported for production use.

Stax's guidance is not to use this module for production workloads, and to instead consider deployment using the Stax API or Python SDK.

Please note that while the Terraform provider will remain available on the Terraform Registry, there will be no further updates or development undertaken at this time.

Please raise a support case or contact your Customer Success Manager if you have any questions.

In an effort to maintain industry certifications that best reflect and align with the requirements of Stax's customers, Stax regularly reviews the certifications it maintains. After consideration, Stax will no longer be seeking to retain its PCI-DSS Service Provider certification.

Stax will continue to maintain its annual SOC2 Type II audits in line with Compliance for customers and partners.

This change does not impact the PCI-DSS Rule Bundle available to customers through the Compliance module.

Should you have any questions, please contact your Customer Success Manager or raise a support case.

Tagging of Service Control Policies in Stax is now supported in the Stax Console, Stax API, and SDK. Visit Using Service Control Policies in Stax to find out more.

A fix has been applied to the Rule DynamoDB point-in-time recovery is enabled which was causing the control to incorrectly evaluate all DynamoDB resources as non-compliant. Following the fix, the Rule now accurately assesses resources as compliant when point-in-time recovery is enabled on DynamoDB tables.

Stax has deprecated stax2aws versions 1.4.3 and older. These versions of the Stax Command Line Interface (CLI) utilized a device authorization grant solution which is no longer supported. Stax has removed the obsolete device flow resources from Stax-managed security accounts.

All users are required to upgrade to version 1.5.0 of stax2aws to continue using the Stax CLI.

If you have questions or concerns regarding the changes, please reach out by raising a support case.

The Rule EC2 launch type container task definitions should specify a user that is not root has been updated to ECS task definitions should specify a user that is not root. This adjustment enhances the accuracy of the control's name. This updated rule is featured in the Organization and ACSC Essential 8 v1.0 Rule Bundles.

On 02 April 2024, Stax will deprecate stax2aws versions 1.4.3 and older. These versions of the Stax Command Line Interface (CLI) utilize a device authorization grant solution which is being deprecated.

All users will be required to upgrade to version 1.5.0 of stax2aws on or before 02 ** April 2024 **to continue using the Stax CLI.

In addition, on 02 April 2024, Stax will remove the obsolete device flow resources from Stax-managed security accounts. No customer action is required for this part of the change and we will inform you when this change has been applied.

If you have questions or concerns regarding the changes, please reach out by raising a support case.

Stax local user accounts' multi-factor authentication (MFA) status is now available on the Users page in the Stax Console. This update simplifies the process of identifying local Stax users with MFA enabled.

To explore this feature, visit the Users page in the Stax Console or refer to our Stax API and SDK documentation.

Please note, this status check is not refreshed immediately and can take up to four hours for the updated information to appear.

The NIST Special Publication 800-53 Revision 5 standard can now be enabled in Stax-managed Security Hub using the Stax Console, Stax API, and SDK.

For more information and to get started, see Using Stax-managed Security Hub.

Stax has enhanced the CloudWatch Log metric filters and alarms configured in Stax-managed AWS Management accounts. This update helps customers aiming to align with the latest CIS AWS Benchmark by including new CloudWatch Log metric filters and alarms for the following CIS AWS Benchmark v1.5.0 controls:

• 4.1 Ensure a log metric filter and alarm exist for unauthorized API calls

• 4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes

Existing CIS Benchmark v1.2.0 CloudWatch Log metric filters and alarms configured by Stax remain unchanged.