The "Unused Amazon EC2 security groups should be removed" rule is available to help organizations manage their use of security groups.

On 27 June 2023, a fix will be released to correct the outdated logic of this rule which may impact related compliance scores.

The following bundles will be affected:

• EC2 Best Practices (version 1.0)
• APRA (versions 1.0, 1.1)
• The custom organization-level rule, if in use

These changes will be applied automatically by Stax. There will be no impact to service expected as a result of this update.

If you have any questions about this change and what it means for you, please contact support.

The NIST Cybersecurity Framework Rule Bundle is now available in private preview. This Bundle consists of standards, guidelines and best practices designed to help organizations manage cybersecurity risks. Read more here.

As per the announcement last week, the "Lambdas must have unique roles" check has been deprecated and removed from the rules catalog.

This rule is only part of the Stax rule catalog, and is not used as part of any compliance or best practice rule bundles.

As announced on 12 May 2023, Stax now provides advanced configuration options for Amazon GuardDuty protection plans and settings.

See Using Stax-managed GuardDuty for details on using Stax-managed GuardDuty.

The rule “Lambdas have a unique role” will be deprecated in a rules update in 7 days. This rule has been a part of the Stax compliance module for many years, and after careful consideration, we have decided that it no longer serves its intended purpose.

This rule was originally intended to ensure that AWS Lambdas — cloud computing functions — had a unique role within the environment. As cloud computing and serverless functions have evolved, we have determined that this rule does not provide additional security and is no longer necessary.

This rule is only part of the Stax rule catalog, and is not used as part of any compliance or best practice rule bundles.

The Australian Cyber Security Centre (ACSC)'s Essential Eight Rule Bundle is now available in private preview. This Bundle is designed to help organizations protect against cyber security threats. Read more here.

As announced on 09 May 2023, a change has been released for the listed Rules that check if object-level logging is enabled for S3 buckets.

This Rule will now detect when S3 data event logging is enabled on CloudTrail trails configured in member accounts as well as when configured on Organization-level CloudTrail trails.

By default, Stax does not configure S3 object-level logging for Stax-managed accounts. An S3 bucket with a high workload could quickly generate thousands of logs in a short amount of time, resulting in increased AWS costs. Find out more about Enabling CloudTrail event logging for S3 buckets and objects.

When setting budgets that leverage your Views, you can now sort the budget table by segment name and download the budget data to CSV. Find out more here.

As part of Stax Assurance, Amazon GuardDuty is configured for Stax-managed AWS Organizations. In an upcoming release of Stax, advanced configuration of GuardDuty will be possible via the Stax Console and API.

There are several considerations for organizations with GuardDuty configuration in place beyond what Stax configures as part of Stax Assurance. Read Configure Amazon GuardDuty within Stax for more information. Contact your Customer Success Manager if you have any questions regarding this upcoming release.

Default subscription preferences have changed for new users invited to Stax. After joining Stax, new users will now only be subscribed to the Weekly Summary, Wastage Report and New Rule Releases notification types. Users can then manage their notifications and make changes to their preferences.