Added
View All Tags
As announced on 12 May 2023, Stax now provides advanced configuration options for Amazon GuardDuty protection plans and settings.
See Using Stax-managed GuardDuty for details on using Stax-managed GuardDuty.
The Australian Cyber Security Centre (ACSC)'s Essential Eight Rule Bundle is now available in private preview. This Bundle is designed to help organizations protect against cyber security threats. Read more here.
When setting budgets that leverage your Views, you can now sort the budget table by segment name and download the budget data to CSV. Find out more here.
The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 Rule Bundle is now available to all organizations. This Bundle is designed to help customers maintain the security of cardholder data and protect against fraudulent activities.
The new PCI DSS Rule Bundle includes over 40 controls across 17 AWS services and 17 new rules.
Add the Bundle to Stax to get going. Once added, Stax will perform an initial evaluation and populate the Rules page with new results. You can filter the page to show only results from the PCI DSS if preferred. Read more about the Stax PCI DSS Rule Bundle here. Alternatively, to add the new rules to your Organization Rule Bundle, head to the Rules Catalog page.
The Compliance Summary Report which is available in Excel format, now includes the On this status since* data for every Rule's resources. The On this status sincefield ***can be found on the Rule Details page and represents the date and time in UTC when the resource's current status was detected.
To access the Compliance Summary Report, navigate to the Rules page and select the download icon on the top right of the page.
Organizations with a resold account ownership model, now have access to Stax-managed Cost and Usage Reports (CUR) in S3, in both CSV and parquet formats. Find out more here.
The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 Rule Bundle is now available in private preview. This Bundle is designed to help organizations maintain the security of cardholder data and protect against fraudulent activities.
The preview Bundle version provides access to a subset of the full set of Rules and guidelines that will be included in the final release. Read more here.
It's now possible to discover AWS accounts in your AWS organization that are not yet managed by Stax within the Stax Console. See the documentation on how to run account discovery*.*
Stax has introduced support for the Center for Internet Security's Amazon Web Services Foundations Benchmark version 1.5.0. This introduces the following changes over the previous iteration, version 1.4.0:
Three new rules were added to the Benchmark:
2.3.2 Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
2.3.3 Ensure that public access is not given to RDS Instance
2.4.1 Ensure that encryption is enabled for EFS file systems
4.16 Ensure AWS Security Hub is enabled
5.3 Ensure no security groups allow ingress from ::/0 to remote server administration ports
One rule has been changed:
3.8 Ensure rotation for customer created symmetric CMKs is enabled
The Rule Bundle cannot validate all components of the Benchmark, so the following items must be evaluated manually:
1.1: Maintain current contact details
1.2: Ensure security contact information is registered
1.3: Ensure security questions are registered in the AWS account
1.18: Ensure IAM instance roles are used for AWS resource access from instances
1.21: Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
2.1.4: Ensure all data in Amazon S3 has been discovered, classified and secured when required
5.4: Ensure routing tables for VPC peering are "least access"
To enable this new version of the Bundle, see Keep Bundles Up To Date. If you have automatic updates enabled on the CIS Benchmark Bundle, Stax will automatically update you to version 1.5.0.
SCIM is now supported for organizations using Azure AD. See the step-by-step instructions on how to configure your Azure AD instance to sync users and groups into Stax.