Stax now configures AI opt-out policies for organizations under management that do not already have a policy in place on the root OU. See AWS AI services opt-out policies to learn more.

To improve the performance of Stax Workloads deployment and update operations, concurrency capacity for these operations has been increased by 200%. 

Organizations utilizing Workloads should now find that bulk Workloads operations complete more quickly.

You can now enable the Center for Internet Security (CIS) AWS Foundations Benchmark version 3.0 in AWS Security Hub using Stax with the Stax-managed Security Hub using the Stax Console, API, and SDK.

For more information, see Using Stax-managed Security Hub in the docs.

The Stax Terraform Provider, which was previously in developer preview status, has been deprecated. No further development will occur, and the module remains unsupported for production use.

Stax's guidance is not to use this module for production workloads, and to instead consider deployment using the Stax API or Python SDK.

Please note that while the Terraform provider will remain available on the Terraform Registry, there will be no further updates or development undertaken at this time.

Please raise a support case or contact your Customer Success Manager if you have any questions.

In an effort to maintain industry certifications that best reflect and align with the requirements of Stax's customers, Stax regularly reviews the certifications it maintains. After consideration, Stax will no longer be seeking to retain its PCI-DSS Service Provider certification.

Stax will continue to maintain its annual SOC2 Type II audits in line with Compliance for customers and partners.

This change does not impact the PCI-DSS Rule Bundle available to customers through the Compliance module.

Should you have any questions, please contact your Customer Success Manager or raise a support case.

Tagging of Service Control Policies in Stax is now supported in the Stax Console, Stax API, and SDK. Visit Using Service Control Policies in Stax to find out more.

A fix has been applied to the Rule DynamoDB point-in-time recovery is enabled which was causing the control to incorrectly evaluate all DynamoDB resources as non-compliant. Following the fix, the Rule now accurately assesses resources as compliant when point-in-time recovery is enabled on DynamoDB tables.

Stax has deprecated stax2aws versions 1.4.3 and older. These versions of the Stax Command Line Interface (CLI) utilized a device authorization grant solution which is no longer supported. Stax has removed the obsolete device flow resources from Stax-managed security accounts. 

All users are required to upgrade to version 1.5.0 of stax2aws to continue using the Stax CLI.

If you have questions or concerns regarding the changes, please reach out by raising a support case.

The Rule EC2 launch type container task definitions should specify a user that is not root has been updated to ECS task definitions should specify a user that is not root. This adjustment enhances the accuracy of the control's name. This updated rule is featured in the Organization and ACSC Essential 8 v1.0 Rule Bundles.

On 02 April 2024, Stax will deprecate stax2aws versions 1.4.3 and older. These versions of the Stax Command Line Interface (CLI) utilize a device authorization grant solution which is being deprecated.

All users will be required to upgrade to version 1.5.0 of stax2aws on or before 02 April 2024 to continue using the Stax CLI.

In addition, on 02 April 2024, Stax will remove the obsolete device flow resources from Stax-managed security accounts. No customer action is required for this part of the change and we will inform you when this change has been applied.

If you have questions or concerns regarding the changes, please reach out by raising a support case.