Cloud One - Conformity platform best practice rules
- Cloud Conformity API Keys Rotation (30 Days)
Ensure Cloud Conformity API keys are rotated on a periodic basis as a security best practice.
- Add All AWS Accounts to Cloud Conformity
Ensure that all AWS accounts are added to your Cloud Conformity subscription.
- Users signed in to Conformity from an approved country
Conformity user authentication from a non-approved country has been detected.
- Conformity user has signed in without MFA
Conformity user authentication without MFA has been detected.
- Monitor Cloud Conformity Configuration Changes
Rule administrative configuration changes have been detected within your Cloud Conformity account.
- Cloud Conformity Custom Policy Version
Ensure that your AWS account is using the latest version of the Cloud Conformity custom access policy.
- Enforce "ExternalId" Condition for CloudConformity IAM Role
Ensure that the Conformity IAM role has an "externalId" condition to prevent the cross-account confused deputy problem.
- Trend Cloud One™ – Conformity Insufficient Access Permissions
Ensure that the Conformity Bot has all the permissions required to perform its latest checks.
- Enable Cloud Conformity Multi-Factor Authentication
Ensure that Multi-Factor Authentication (MFA) is enabled to secure your Cloud Conformity account.
- Real-Time Monitoring EventBridge Rule Configuration
Ensure each AWS region has the Conformity Real-Time Monitoring EventBridge rule correctly configured.