Changelog

added
2 days ago

PCI DSS v3.2.1 Rule Bundle available in private preview

The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 Rule Bundle is now available in private preview. This Bundle is designed to help organizations maintain the security of cardholder data and protect against fraudulent activities. 

The preview Bundle version provides access to a subset of the full set of Rules and guidelines that will be included in the final release. Read more here.

Fix
a week ago

Changes to Rules IAM Access Keys Are Active

Stax has released a fix to the following rules to remediate an issue resulting in access keys being incorrectly evaluated. This issue only affected the evaluation of credentials for IAM users with multiple access keys. This change may impact the compliance score of these rules.

Bundle Name | Rule
IAM Best Practice Version 1.0 | IAM access keys should be actively used
APRA Version 1.0 & 1.1 | IAM access keys should be active
CIS Benchmark Version 1.1.0, 1.2.0, 1.3.0, 1.4.0 & 1.5.0 | CIS 1.14 - Ensure access keys are rotated every 90 days or less
Organization Rules/Rule Catalog | IAM API keys are active
Organization Rules/Rule Catalog | Ensure access keys are rotated every 90 days or less

changed
2 weeks ago

Stax Console Navigation Upgrade

The Stax console now features a redesigned navigation interface. This new interface is designed to bring the most used features of Stax to the front, so you're able to access them easily. 

For a detailed breakdown of the changes, see the docs.

changed
3 weeks ago

Changes to EBS Snapshot sharing with specific accounts check

On 21 March 2023, Stax will be releasing a change to the following rule to align with AWS definitions of public and private. Snapshots shared with specific AWS account IDs will no longer be marked as "public". This only affects the evaluation of public EBS snapshots, and may impact the compliance score of this rule.

Bundle Name | Rule
Public Exposure Bundle v1.0.0 | EBS Snapshots are publicly exposed
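
The distinction this change draws, between a snapshot open to everyone and one shared only with named accounts, can be read from the snapshot's create-volume permissions. The following is an added example, not Stax's rule code: the function names and the sample snapshot and account IDs are constructed, and the permission entries follow the `Group` / `UserId` shape returned by EC2 DescribeSnapshotAttribute.

```python
# Constructed sample: snapshot ID -> CreateVolumePermissions list, in the shape
# returned by EC2 DescribeSnapshotAttribute for the createVolumePermission attribute.
SAMPLE_SNAPSHOTS = {
    "snap-00000000000000001": [{"Group": "all"}],
    "snap-00000000000000002": [{"UserId": "111111111111"}, {"UserId": "222222222222"}],
    "snap-00000000000000003": [],
    "snap-00000000000000004": [{"UserId": "111111111111"}, {"Group": "all"}],
}


def classify_snapshot(permissions):
    """Return (exposure, shared_accounts) for one snapshot's permission list."""
    # Only the "all" group makes a snapshot public; account entries do not.
    is_public = any(p.get("Group") == "all" for p in permissions)
    accounts = sorted({p["UserId"] for p in permissions if "UserId" in p})
    if is_public:
        exposure = "public"      # public wins even when accounts are also listed
    elif accounts:
        exposure = "shared"      # private, but readable by the named accounts
    else:
        exposure = "private"
    return exposure, accounts


def evaluate_public_exposure(snapshots):
    """Evaluate every snapshot; only 'public' counts as non-compliant."""
    results = {}
    for snapshot_id, permissions in snapshots.items():
        exposure, accounts = classify_snapshot(permissions)
        results[snapshot_id] = {
            "compliant": exposure != "public",
            "exposure": exposure,
            "shared_with": accounts,  # kept so account-level sharing stays visible
        }
    return results


def failing_snapshots(snapshots):
    """Snapshot IDs that fail the public-exposure check."""
    results = evaluate_public_exposure(snapshots)
    return sorted(sid for sid, r in results.items() if not r["compliant"])


if __name__ == "__main__":
    for sid, result in evaluate_public_exposure(SAMPLE_SNAPSHOTS).items():
        print(sid, result)
```
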

Fix
3 weeks ago

Changes to Rules IAM Access Keys Are Active

On 21 March 2023, Stax will be releasing a fix to the following rules to remediate an issue resulting in access keys being incorrectly evaluated. This issue only affected the evaluation of credentials for IAM users with multiple access keys. This change may impact the compliance score of these rules.

Bundle Name | Rule
IAM Best Practice Version 1.0 | IAM access keys should be actively used
APRA Version 1.0 & 1.1 | IAM access keys should be active
CIS Benchmark Version 1.1.0, 1.2.0, 1.3.0, 1.4.0 & 1.5.0 | CIS 1.14 - Ensure access keys are rotated every 90 days or less
Organization Rules/Rule Catalog | IAM API keys are active
Organization Rules/Rule Catalog | Ensure access keys are rotated every 90 days or less
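
For readers who want to cross-check rule results for IAM users with two access keys (this entry and the release note above), the following added example evaluates each key slot separately against the 90-day rotation threshold. It is not Stax's rule code: the function names and the sample rows are constructed, and the column names are those of the AWS IAM credential report.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # threshold named by CIS 1.14

# Constructed sample using IAM credential report column names
# (only the columns used here; a real report carries more).
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,true,2023-03-01T00:00:00+00:00,false,N/A
bob,true,2023-02-20T00:00:00+00:00,true,2022-06-01T00:00:00+00:00
carol,false,2022-01-10T00:00:00+00:00,true,2023-03-10T00:00:00+00:00
dave,false,N/A,false,N/A
"""


def stale_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return (user, key_slot, age_days) for every active key older than the limit."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in (1, 2):  # judge each key on its own, never only the first
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive or absent keys are not rotation findings
            rotated = row[f"access_key_{slot}_last_rotated"]
            if rotated == "N/A":
                continue  # no rotation timestamp recorded for this slot
            age = (now - datetime.fromisoformat(rotated)).days
            if age > max_age_days:
                findings.append((row["user"], slot, age))
    return findings


def noncompliant_users(report_csv, now):
    """Users with at least one active key past the rotation limit."""
    return sorted({user for user, _, _ in stale_keys(report_csv, now)})


if __name__ == "__main__":
    as_of = datetime(2023, 3, 21, tzinfo=timezone.utc)  # constructed evaluation date
    for user, slot, age in stale_keys(SAMPLE_REPORT, as_of):
        print(f"{user}: access_key_{slot} is {age} days old")
```

In the sample, `bob` has a recently rotated first key and a stale second key, and `carol` has an old inactive first key and a fresh second key; these are the two-key cases where per-user and per-key evaluation can disagree.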


added
4 weeks ago

Discover Accounts via the Stax Console

It's now possible to discover AWS accounts in your AWS organization that are not yet managed by Stax within the Stax Console. See the documentation on how to run account discovery.

changed
a month ago

Expire non-current S3 objects in Stax-managed S3 buckets

On 28 February 2023 at 0200 UTC (Tuesday, 28 February 1300 AEDT), Stax will update the lifecycle configuration to expire non-current S3 object versions on the following S3 buckets in the logging foundation account:

  • stax-config-<org-uuid>
  • stax-config-accesslogs-<org-uuid>

In each case above, the <org-uuid> placeholder is replaced by the UUID representing your Stax tenancy/AWS organization within Stax.

These S3 buckets are created and managed by Stax, and the usage of them is defined in the docs.

added
a month ago

CIS Benchmark version 1.5.0 is Now Available in the Compliance Module

Stax has introduced support for the Center for Internet Security's Amazon Web Services Foundations Benchmark version 1.5.0. This introduces the following changes over the previous iteration, version 1.4.0:

Three new rules were added to the Benchmark:

  • 2.3.2 Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
  • 2.3.3 Ensure that public access is not given to RDS Instance
  • 2.4.1 Ensure that encryption is enabled for EFS file systems
  • 4.16 Ensure AWS Security Hub is enabled 
  • 5.3 Ensure no security groups allow ingress from ::/0 to remote server administration ports

One rule has been changed:

  • 3.8 Ensure rotation for customer created symmetric CMKs is enabled 

The Rule Bundle cannot validate all components of the Benchmark, so the following items must be evaluated manually:

  • 1.1: Maintain current contact details
  • 1.2: Ensure security contact information is registered
  • 1.3: Ensure security questions are registered in the AWS account
  • 1.18: Ensure IAM instance roles are used for AWS resource access from instances
  • 1.21: Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
  • 2.1.4: Ensure all data in Amazon S3 has been discovered, classified and secured when required
  • 5.4: Ensure routing tables for VPC peering are "least access"

To enable this new version of the Bundle, see Keep Bundles Up To Date. If you have automatic updates enabled on the CIS Benchmark Bundle, Stax will automatically update you to version 1.5.0. 

Fix
a month ago

Fix to rule EC2 instances do not use termination protection to ignore auto-scaled instances

Stax has released a change to the rule EC2 instances do not use termination protection in the EC2 Best Practice Rule Bundle. EC2 instances managed by an auto-scaling group will now be ignored by this rule as their creation and termination is managed automatically by this AWS service.

From today, organizations with this rule enabled, who are using EC2 Auto Scaling groups, can expect to see a decrease in the number of resources failing this rule and an increase in the overall compliance result of the rule.

Fix
a month ago

Fix to rule EC2 instances do not use termination protection to ignore auto-scaled instances

On 27 February 2023, Stax will be making a change to the rule EC2 instances do not use termination protection in the EC2 Best Practice Rule Bundle which could impact the compliance score of this rule. After this date, EC2 instances managed by an auto-scaling group will be ignored by this rule as their creation and termination is managed automatically by this AWS service.

Organizations with this rule enabled who are using EC2 Auto Scaling groups can expect to see a decrease in the number of resources failing this rule and an increase in the overall compliance result of the rule.