CloudCheckr Product announcements and release notes logo
Back to Homepage

Product announcements and release notes

Hint: Subscribe at the top to stay notified when new releases are published!

Subscribe to Updates

Labels

  • All Posts
  • Fix
  • Announcement
  • release notes
  • Improvement

Jump to Month

  • April 2025
  • February 2025
  • December 2024
  • November 2024
  • October 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • July 2022
  • April 2022
  • February 2022
  • January 2022
  • December 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
release notes
3 years ago

December 8, 2021 - CIS Benchmark updates, Best Practice Check updates, and more

Updated AWS CIS Benchmark report to v1.4

We have updated our CIS Benchmark report to version 1.4.  This update required several changes to our existing report, including re-ordering and re-numbering most of the controls. Additionally, we've changed the Scored/Not Scored column to Manual/Automated.

Check out the docs

Updated Best Practice Checks

We have updated the Stale IAM Users best practice check to identify any IAM user who has not signed in within the last 45 days. Previously, this check identified users who had not signed in within 90 days.

We have also added the following best practice checks:

  • Regions Not Enforcing EBS Volumes Encryption Upon Creation
  • S3 Buckets Not Configured to Block Public Access
  • RDS Instances Without Encryption Enabled
  • IAM Users With Multiple Access Keys
  • Expired SSL/TLS Certificates Stored in IAM
  • Regions Without IAM Access Analyzer Enabled
  • IAM Users in Multi-Account Environments Not Being Managed via Identify Federation or AWS Organizations
  • S3 Buckets Without MFA Delete Enabled
  • S3 Buckets Not Logging Object-Level Write Events
  • S3 Buckets Not Logging Object-Level Read Events
  • S3 Buckets with data not Discovered, Classified, and Secured
  • Log Metric Filter and Alarm Do Not Exist for Changes to AWS Organizations
  • Network ACLs Allowing Ingress from 0.0.0.0/0 to Administration Ports

Note: The IAM policy associated with your AWS account will need the following new permissions to fully support these updates:
     "s3:GetBucketPublicAccessBlock"
     "s3:GetBucketVersioning"
     "ec2:GetEbsEncryptionByDefault"

Bug Fixes and Improvements

  • Improved the CloudTrail Aggregate S3 Bucket Credential process to require S3 bucket region. improvement 
  • Improved the load times for the AWS RI Amortization report in Multi-Account Views. improvement 
  • Fixed an issue that prevented some custom inventory emails from sending. fix 
  • Fixed an issue that prevented the get_resources_ec2_details_V4 API call from returning data. fix 
  • Fixed an issue that prevented the Best Practice Email from sending when AWS Trusted Advisor checks were not available. fix 
  • Removed the EC2 Security Group Connections and VPC Flow Log Connections reports due to reduced customer interest and to streamline our navigation and interface. Additionally, we have deprecated the Legacy Azure RI Configuration page in preparation for our new Azure RI Configuration setup solution, which will be released in the coming weeks.  improvement