This month's compliance update makes the following enhancements to our compliance module:

1. Added new bundles

2. Added new rules to existing bundles

3. Deleted rules

New Bundles

| Bundle Name | Description |
| --- | --- |
| AWS NIST CSF v1.1 | Automated Validation of NIST CSF V1.1 for AWS |
| GCP NIST CSF v1.1 | Automated Validation of NIST CSF V1.1 for GCP |
| Azure NIST CSF v1.1 | Automated Validation of NIST CSF V1.1 for Azure |

New Rules:

| Rule ID | Rule Name | Severity | Affected Bundles |
| --- | --- | --- | --- |
| D9.AZU.CRY.02 | Ensure that logging for Azure KeyVault is ‘Enabled’ | High | Azure CIS Foundations v. 1.0.0; Azure NIST 800-53 Rev 4; Azure Dome9 Best Practices |
| D9.AZU.CRY.12 | Ensure that the expiry date is set on all Keys | High | Azure CIS Foundations v. 1.0.0; Azure NIST 800-53 Rev 4; Azure Dome9 Best Practices |
| D9.AZU.CRY.13 | Ensure that the expiry date is set on all Secrets | High | Azure CIS Foundations v. 1.0.0; Azure NIST 800-53 Rev 4; Azure Dome9 Best Practices |
| D9.AZU.CRY.01 | Ensure that KeyVault is in Use | Low | Azure NIST 800-53 Rev 4; Azure Dome9 Best Practices |
| D9.AWS.LOG.14 | Ensure VPC Flow Logging is Enabled in all Applicable Regions | High | AWS HIPAA; AWS GDPR Readiness; AWS PCI-DSS 3.2; AWS NIST 800-53 Rev 4; AWS Dome9 Best Practices |
| D9.GCP.LOG.01 | Bucket should have logging enabled | High | GCP NIST 800-53 Rev 4; GCP PCI-DSS 3.2; GCP Dome9 Best Practices |
| D9.GCP.NET.09 | Ensure that Cloud Storage bucket is not anonymously and/or publicly accessible | High | GCP NIST 800-53 Rev 4; GCP PCI-DSS 3.2; GCP Dome9 Best Practices |
| D9.GCP.NET.10 | Ensure that there are no publicly accessible objects in storage buckets | High | GCP NIST 800-53 Rev 4; GCP PCI-DSS 3.2; GCP Dome9 Best Practices |

Rules Deleted:

| Rule ID | Rule Name | Severity | Affected Bundles |
| --- | --- | --- | --- |
| D9.AZU.MON.04 | Ensure that ‘Threat Detection types’ is set to ‘All’ | Medium | Azure CIS Foundations v. 1.0.0; Azure GDPR Readiness; Azure PCI-DSS 3.2; Azure NIST 800-53 Rev 4; Azure Dome9 Best Practices |
| D9.AWS.NET.21 | Ensure VPC Flow Logging is Enabled in all Applicable Regions | High | AWS GDPR Readiness; AWS Dome9 Network Alerts; AWS Dome9 Best Practices |
| D9.GCP.NET.02 | Asset is not labeled | Medium | GCP Dome9 Network Alerts |

September 27, 2018 Rules Changes – click here

 

For more details, you can check out the Dome9 Helpcenter 

Stay tuned for further compliance updates!