22 posts tagged with "Notice"

On 24 February 2025, Stax will be releasing Configurable Guardrails as part of its Foundations services. This feature will allow you to further improve and refine your Stax-managed AWS Organization's security posture in an easy-to-use interface. The release is not expected to cause any operational impact, however Service Control Policies created as part of Stax Assurance will be updated as follows:

• stax-protection-standard/stax-protection-partner will be detached from your AWS Organization root, to be replaced with the policies described below.
• stax-protection-aws-baseline-1 will be created and attached to your AWS Organization root.
  • This policy will contain AWS best practice protections set up by the Configurable Guardrails service. You can enable additional protections according to your organization's needs via the Configurable Guardrails foundation service.
  • By default, the policy will provide the same protections to your organization as before.
• stax-protection-stax-resources will be created and attached to your AWS Organization root. This policy will contain protections on critical resources to ensure Stax's functionality.

See Configurable Guardrails for more information.

The Cost and Compliance modules of Stax are being shut down at the end of March 2025. This means that Stax will no longer ingest or process cost and compliance information from your AWS Organization(s), and the Cost, Wastage, Compliance, and Notifications headings will be removed from the Stax console.

Please see the announcement for more details, including specific timelines and recommended alternatives.

The other components of Stax are not impacted by this change (Accounts, Networks, Workloads, Identity features).

In an effort to maintain industry certifications that best reflect and align with the requirements of Stax's customers, Stax regularly reviews the certifications it maintains. After consideration, Stax will no longer be seeking to retain its PCI-DSS Service Provider certification.

Stax will continue to maintain its annual SOC2 Type II audits in line with Compliance for customers and partners.

This change does not impact the PCI-DSS Rule Bundle available to customers through the Compliance module.

Should you have any questions, please contact your Customer Success Manager or raise a support case.

On 02 April 2024, Stax will deprecate stax2aws versions 1.4.3 and older. These versions of the Stax Command Line Interface (CLI) utilize a device authorization grant solution which is being deprecated.

All users will be required to upgrade to version 1.5.0 of stax2aws on or before 02 ** April 2024 **to continue using the Stax CLI.

In addition, on 02 April 2024, Stax will remove the obsolete device flow resources from Stax-managed security accounts. No customer action is required for this part of the change and we will inform you when this change has been applied.

If you have questions or concerns regarding the changes, please reach out by raising a support case.

On 12 February 2024, Stax will implement changes to the configuration of Stax-managed Security Hub. This update will align the Stax-managed Security Hub service with the new AWS Security Hub central configuration capability announced by AWS.

If you have already enabled Stax-managed Security Hub, you will be impacted by this change.

Ensure you review our guide to understand the change, impacts, and actions you need to take before 12 February 2024.

If you have questions or concerns regarding the changes, please reach out by raising a support case.

On 02 April 2024, Stax will deprecate stax2aws versions 1.4.3 and older. These versions of the Stax Command Line Interface (CLI) utilize a device authorization grant solution which is being deprecated.

All users will be required to upgrade to version 1.5.0 of stax2aws on or before 02 ** April 2024 **to continue using the Stax CLI.

In addition, on 02 April 2024, Stax will remove the obsolete device flow resources from Stax-managed security accounts. No customer action is required for this part of the change and we will inform you when this change has been applied.

If you have questions or concerns regarding the changes, please reach out by raising a support case.

On 23 January 2024, Stax will implement a change to restrict the recording of global resources, such as IAM users, groups, roles, and customer-managed policies, to your Stax Installation Region.

This change aligns with AWS Config best practices recommending the recording of global resources in a single region to prevent redundant copies of IAM configuration items across all regions. Additionally, this change may help customers in reducing their AWS Config costs.

Importantly, this change does not affect customer compliance with the CIS AWS Foundations Benchmark v1.2.0 and later control - “Ensure AWS Config is enabled in all regions”. The CIS AWS Benchmark’s Audit procedure specifies that including global resources related to IAM resources is required in only one region. For more details, refer to the CIS AWS Benchmark.

Impact of change

• After the change, customers can expect a reduction in the number of redundant copies of IAM configuration items stored in every region.
• Customers using the CIS AWS Foundations Benchmark v1.2.0 and v1.4.0 in AWS Security Hub may observe a change in the compliance status of control: [Config.1] AWS Config should be enabled. This adjustment is attributed to the rule mandating the recording of global resources in all regions. For more information and guidance on suppressing findings for this control manually or through an automation rule, please visit the following AWS guides: - AWS Config Rules and Global Resource Types - Security Hub controls that you might want to disable

On 12 February 2024, changes will be made to how Stax-managed Security Hub is configured. This update will align the Stax-managed Security Hub service with the new AWS Security Hub capability announced by AWS.

After the change, Stax will only enable and configure cross-region aggregation for Security Hub in regions that are explicitly enabled in Stax-managed Security Hub.

Previously, Stax enabled Security Hub and configured cross-region aggregation for every available region in every account. While supported Security Hub standards and controls were only enabled in the regions explicitly enabled in Stax-managed Security Hub.

If you have already enabled Stax-managed Security Hub and would like the service to continue to be enabled with cross-region aggregation in everyavailable region, ensure that you update your current Stax-managed Security Hub configuration by toggling on the "All Regions" option or selecting individual AWS regions from the list.

To avoid interruption to service,  update your Stax-managed Security Hub configuration before 12 February 2024. If no action is taken, Stax will only enable and aggregate Security Hub in regions enabled in the Stax-managed Security Hub service.

For more information, see Using Stax-managed Security Hub.

On Sunday 11 February at 0200 UTC (Monday 12 February at 1300 AEDT), the following deprecated Stax API endpoints will be removed from stax-au1, stax-us1, and stax-eu1 and will no longer be supported by Stax API/SDK:

**- Fetch IDAM Users **GET /20190206/idam/user

**- Fetch IDAM User ** GET /20190206/idam/user/{org_id}

The following endpoints should be used instead which now includes the user's MFA status.

-** Fetch Stax Users and Federated Users** GET /20190206/users

• Fetch Stax User and Federated User GET /20190206/users/{user_id}

To avoid interruption to service switch to these replacement API endpoints before 11 February 2024. Refer to the Stax API documentation for up-to-date API schema details.

If you have any concerns, please raise a support case.

The stax-audit-bus EventBridge rule has been deprecated and will be removed from all Stax-managed AWS accounts on ** 05**** Feb 2024. **To continue receiving events that the stax-audit-busEventBridge rule is sending to the Security account, please review our guide to prepare for the change.