Tagging of Service Control Policies in Stax is now supported in the Stax Console, Stax API, and SDK. Visit Using Service Control Policies in Stax to find out more.

A fix has been applied to the Rule DynamoDB point-in-time recovery is enabled which was causing the control to incorrectly evaluate all DynamoDB resources as non-compliant. Following the fix, the Rule now accurately assesses resources as compliant when point-in-time recovery is enabled on DynamoDB tables.

Stax has deprecated stax2aws versions 1.4.3 and older. These versions of the Stax Command Line Interface (CLI) utilized a device authorization grant solution which is no longer supported. Stax has removed the obsolete device flow resources from Stax-managed security accounts. 

All users are required to upgrade to version 1.5.0 of stax2aws to continue using the Stax CLI.

If you have questions or concerns regarding the changes, please reach out by raising a support case.

The Rule EC2 launch type container task definitions should specify a user that is not root has been updated to ECS task definitions should specify a user that is not root. This adjustment enhances the accuracy of the control's name. This updated rule is featured in the Organization and ACSC Essential 8 v1.0 Rule Bundles.

On 02 April 2024, Stax will deprecate stax2aws versions 1.4.3 and older. These versions of the Stax Command Line Interface (CLI) utilize a device authorization grant solution which is being deprecated.

All users will be required to upgrade to version 1.5.0 of stax2aws on or before 02 April 2024 to continue using the Stax CLI.

In addition, on 02 April 2024, Stax will remove the obsolete device flow resources from Stax-managed security accounts. No customer action is required for this part of the change and we will inform you when this change has been applied.

If you have questions or concerns regarding the changes, please reach out by raising a support case.

Stax local user accounts' multi-factor authentication (MFA) status is now available on the Users page in the Stax Console. This update simplifies the process of identifying local Stax users with MFA enabled.

To explore this feature, visit the Users page in the Stax Console or refer to our Stax API and SDK documentation.

Please note, this status check is not refreshed immediately and can take up to four hours for the updated information to appear.

The NIST Special Publication 800-53 Revision 5 standard can now be enabled in Stax-managed Security Hub using the Stax Console, Stax API, and SDK.

For more information and to get started, see Using Stax-managed Security Hub.

Stax has enhanced the CloudWatch Log metric filters and alarms configured in Stax-managed AWS Management accounts. This update helps customers aiming to align with the latest CIS AWS Benchmark by including new CloudWatch Log metric filters and alarms for the following CIS AWS Benchmark v1.5.0 controls: 

• 4.1 Ensure a log metric filter and alarm exist for unauthorized API calls
• 4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes

Existing CIS Benchmark v1.2.0 CloudWatch Log metric filters and alarms configured by Stax remain unchanged.

Stax has enabled AWS Cost Optimization Hub, centralizing cost savings opportunities and recommendations for your entire organization within the Management account. Furthermore, Stax configures AWS Compute Optimizer for your tenancy, enriching your optimization findings and recommendations.

To get started, log into AWS in your Stax-managed Management account and navigate to Cost Optimization Hub within the AWS Billing and Cost Management Console.

As announced, Stax has uplifted the Stax-managed Security Hub service, aligning our solution with the newly released AWS Security Hub central configuration capability. Review our guide to understand the change in more detail.

If you have questions or concerns regarding the changes, please reach out by raising a support case.