
Compliance Summary Report now includes the On this status since field

Stax
Stax
Stax Team

The Compliance Summary Report, which is available in Excel format, now includes the ***On this status since*** data for every Rule's resources. The ***On this status since*** field can be found on the Rule Details page and represents the date and time in UTC when the resource's current status was detected.

To access the Compliance Summary Report, navigate to the Rules page and select the download icon on the top right of the page.

Update to Rule - RDS instances should be running the latest available major version

The Rule ***RDS instances should be running the latest available major version*** has been renamed to the Rule ***RDS instances should be running the latest available major and minor version***. This change makes the rule name more descriptive and clarifies that the rule validates that RDS instances are running both the latest major and minor available release.

Changes to GET /20190206/groups API

On 1 May 2023 at 1300 UTC (2 May 2023 at 2300 AEST), the GET /20190206/groups/{group_id} route will return a 404 HTTP status code if the group_id provided has the status of DELETED or does not exist.

Previously, the archived record would be returned for a deleted group and "Groups": [] would be returned if the group did not exist.

Changes to GET /20190206/users API route

On 1 May 2023 at 1300 UTC (2 May 2023 at 2300 AEST), the following changes will be made to the GET /20190206/users API route:

  1. This route will no longer return API tokens. The GET /20190206/api-tokens route should be used instead.

  2. This route will no longer return DELETED users by default. The existing behavior was to return all users regardless of their status. To get a list of deleted users, you will need to explicitly request it with the status_filter query string, e.g. /users?status_filter=DELETED

  3. The GET /20190206/users/{user_id} route will return a 404 HTTP status code if the user_id provided has the status of DELETED. Previously, this would return the archived record.

If you have questions or concerns regarding the changes, please reach out by raising a support case.

AWS Organizational uplift and native OU management within Stax

Stax manages AWS Organizations in alignment with established best practices. As a result, Stax-managed AWS Organizations will be uplifted to adhere to the organizational structure recommended in the AWS Security Reference Architecture and the Organizing Your AWS Environment Using Multiple Accounts whitepaper. In addition to this, new functionality will be introduced to allow tenancies to better utilize Organizational Units (OUs) and service control policies (SCPs).

These changes will be released over the next 8 weeks. For a detailed outline of these changes, see the release plan here.

PCI DSS v3.2.1 Rule Bundle available in private preview

The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 Rule Bundle is now available in private preview. This Bundle is designed to help organizations maintain the security of cardholder data and protect against fraudulent activities.

The preview Bundle version provides access to a subset of the full set of Rules and guidelines that will be included in the final release. Read more here.

Changes to Rules IAM Access Keys Are Active

Stax has released a fix to the following rules to remediate an issue resulting in access keys being incorrectly evaluated. This issue only affected the evaluation of credentials for IAM users with multiple access keys. This change may impact the compliance score of these rules.

| Bundle Name | Rule |
| --- | --- |
| IAM Best Practice Version 1.0 | IAM access keys should be actively used |
| APRA Version 1.0 & 1.1 | IAM access keys should be active |
| CIS Benchmark Version 1.1.0, 1.2.0, 1.3.0, 1.4.0 & 1.5.0 | CIS 1.14 - Ensure access keys are rotated every 90 days or less |
| Organization Rules/Rule Catalog | IAM API keys are active |
| | Ensure access keys are rotated every 90 days or less |
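
To check your own accounts against the 90-day rotation rule for users with more than one access key, the following added example (not Stax's rule code) evaluates each key slot independently using the column names of the AWS IAM credential report. The sample report rows, the evaluation date and the function names are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # threshold named in the CIS 1.14 rule title

# Constructed sample in the AWS IAM credential report layout (subset of columns).
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,true,2023-03-01T09:00:00+00:00,true,2022-08-15T09:00:00+00:00
bob,true,2023-02-20T09:00:00+00:00,false,2021-01-05T09:00:00+00:00
carol,false,N/A,false,N/A
dave,true,2023-03-20T09:00:00+00:00,true,2023-03-25T09:00:00+00:00
"""


def stale_keys(report_csv, now):
    """Return [(user, key_slot, age_days)] for every active key older than 90 days.

    Each of the two key slots is evaluated on its own, so a fresh key 1
    cannot mask a stale key 2 (and the reverse).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in (1, 2):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive or absent key: out of scope for rotation
            rotated = row[f"access_key_{slot}_last_rotated"]
            if rotated in ("N/A", ""):
                continue  # no rotation timestamp recorded for this slot
            age = now - datetime.fromisoformat(rotated)
            if age > MAX_KEY_AGE:
                findings.append((row["user"], slot, age.days))
    return findings


def noncompliant_users(report_csv, now):
    """A user fails the rule if any one of their active keys is stale."""
    return sorted({user for user, _, _ in stale_keys(report_csv, now)})


if __name__ == "__main__":
    as_of = datetime(2023, 4, 1, 9, 0, tzinfo=timezone.utc)  # constructed date
    for user, slot, days in stale_keys(SAMPLE_REPORT, as_of):
        print(f"{user}: access key {slot} last rotated {days} days ago")
```

Comparing the per-key findings with the rule's reported status for the same users is a quick way to confirm how the fix changed your compliance score.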

Stax Console Navigation Upgrade

The Stax console now features a redesigned navigation interface. This new interface is designed to bring the most used features of Stax to the front, so you're able to access them easily.

For a detailed breakdown of the changes, see the docs.