
131 posts tagged with "Added"

Added


PCI DSS v3.2.1 Rule Bundle available

Stax Team

The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 Rule Bundle is now available to all organizations. This Bundle is designed to help customers maintain the security of cardholder data and protect against fraudulent activities.

The new PCI DSS Rule Bundle includes over 40 controls across 17 AWS services and 17 new rules.

Add the Bundle to Stax to get going. Once added, Stax will perform an initial evaluation and populate the Rules page with new results. You can filter the page to show only results from the PCI DSS if preferred. Read more about the Stax PCI DSS Rule Bundle here. Alternatively, to add the new rules to your Organization Rule Bundle, head to the Rules Catalog page.

Compliance Summary Report now includes the On this status since field

Stax Team

The Compliance Summary Report, which is available in Excel format, now includes the On this status since data for every Rule's resources. The On this status since field can be found on the Rule Details page and represents the date and time in UTC when the resource's current status was detected.

To access the Compliance Summary Report, navigate to the Rules page and select the download icon on the top right of the page.

PCI DSS v3.2.1 Rule Bundle available in private preview

Stax Team

The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 Rule Bundle is now available in private preview. This Bundle is designed to help organizations maintain the security of cardholder data and protect against fraudulent activities.

The preview Bundle version provides access to a subset of the full set of Rules and guidelines that will be included in the final release. Read more here.

CIS Benchmark version 1.5.0 is Now Available in the Compliance Module

Stax Team

Stax has introduced support for the Center for Internet Security's Amazon Web Services Foundations Benchmark version 1.5.0. This introduces the following changes over the previous iteration, version 1.4.0:

Three new rules were added to the Benchmark:

  • 2.3.2 Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances

  • 2.3.3 Ensure that public access is not given to RDS Instance

  • 2.4.1 Ensure that encryption is enabled for EFS file systems

  • 4.16 Ensure AWS Security Hub is enabled

  • 5.3 Ensure no security groups allow ingress from ::/0 to remote server administration ports

One rule has been changed:

  • 3.8 Ensure rotation for customer created symmetric CMKs is enabled

The Rule Bundle cannot validate all components of the Benchmark, so the following items must be evaluated manually:

  • 1.1: Maintain current contact details

  • 1.2: Ensure security contact information is registered

  • 1.3: Ensure security questions are registered in the AWS account

  • 1.18: Ensure IAM instance roles are used for AWS resource access from instances

  • 1.21: Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments

  • 2.1.4: Ensure all data in Amazon S3 has been discovered, classified and secured when required

  • 5.4: Ensure routing tables for VPC peering are "least access"

To enable this new version of the Bundle, see Keep Bundles Up To Date. If you have automatic updates enabled on the CIS Benchmark Bundle, Stax will automatically update you to version 1.5.0.

Stax Foundation Compliance Rule Bundle now includes AWS Security Hub

Stax Team

As part of the release of Stax-managed Security Hub, a new rule, Security Hub should be enabled for all regions in an account, has been added to the Stax Foundation Compliance Rule Bundle to help you follow recommended best practices.

This compliance score is displayed on the Accounts page. If you've noticed a drop in this score, this may indicate that AWS Security Hub is not configured in that account.

To easily remediate this, configure Stax-managed Security Hub to enable the service across all accounts and supported regions.