The Rule CloudFront distributions support insecure SSL protocols has been updated to evaluate that Amazon CloudFront distributions are configured with TLSv1.2 as the minimum protocol version. CloudFront distributions configured with insecure or deprecated security policies, such as TLS1.1, will now fail this rule. 

To add this rule to your Organization Rule Bundle, head to the Rules Catalog page.