October 07, 2025, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 03 October 2025.
AWS
New Rules
- Updated Compliance Standards: KISA ISMS-P: We've released AWS support for the KISA ISMS-P Compliance Framework. It is now possible to sort and filter AWS checks based on KISA ISMS-P controls.
Azure
New Rules
- RedisCache-011: Configure Preferred Maintenance Window for Scheduled Updates: This rule ensures that your Azure Cache for Redis servers are configured with a preferred maintenance window for scheduled updates.
- NatGateway-004: Check For Public IP Association: This rule ensures that your Microsoft Azure NAT gateways are using public IP addresses or public IP prefixes for outbound connectivity.
- FrontDoor-003: Enable Web Application Firewall for Front Door Profiles: This rule ensures that Web Application Firewall (WAF) security policies are enabled for your Microsoft Azure Front Door profiles.
- FrontDoor-004: Azure Front Door Origin Security and Access Restriction: This rule ensures that Microsoft Azure Front Door (AFD) profiles are configured with Azure Private Link to securely connect to your AFD origin.
- Functions-005: Azure Functions with Admin Privileges: This rule ensures that Azure functions are not configured with admin privileges.
- NatGateway-002: Check for Optimal Idle Timeout Configuration: This rule ensures that TCP idle timeout is appropriately configured for your Microsoft Azure NAT gateways in order to prevent connection failures and optimize resource utilization.
- RedisCache-012: Enterprise Redis Cache Clusters Encrypted with Customer-Managed Keys: This rule ensures that Enterprise Redis cache clusters are encrypted using Customer-Managed Keys (CMKs) instead of Microsoft-managed keys.
- RedisCache-010: Disable Non-TLS Access for Redis Enterprise Cache Servers: This rule ensures that Enterprise Redis cache clusters are configured to accept TLS connections only to meet Microsoft Azure cloud security and compliance requirements.
GCP
New Rules
- CloudCDN-002: Configure Cloud CDN origin authentication: This rule ensures that Cloud CDN origins are configured to authenticate access to the content available at the backend (backend buckets or backend services) using signed cookies and signed URLs.
- CloudLoadBalancing-005: Configure Cloud CDN origin backend bucket: This rule ensures that the Cloud CDN origin associated with your Google Cloud load balancer points to a backend bucket instead of a backend service in order to provide enhanced performance, cost savings, simplified management, and the ability to customize caching rules.
- Filestore-004: Use On-Demand Backup and Restore for Google Cloud Filestore Instances: This rule ensures data protection, disaster recovery, and regulatory compliance by using the on-demand backup and restore functionality for your Google Cloud Filestore instances.
- ResourceManager-023: Restrict the Creation of Cloud Resources to Specific Locations: This rule ensures that the locations where location-based cloud resources can be created within your GCP organization are defined using the "Google Cloud Platform - Resource Location Restriction" organization policy.
- CloudCDN-001: Backend Buckets Referencing Missing Storage Buckets: This rule ensures that Cloud CDN backend buckets are referencing existing storage buckets in order to be able to deliver static content efficiently from the nearest edge location to users.
- CloudRun-010: Cloud Run Request Concurrency: This rule ensures that the value configured for the maximum concurrent requests per instance is optimal to improve application responsiveness and scalability during traffic spikes.
- CloudStorage-013: Secure CORS Configuration: This rule ensures that the Cross-Origin Resource Sharing (CORS) configuration set for your Google Cloud Storage buckets allows only trusted origins in order to prevent unauthorized data access from web applications.
- CloudLoadBalancing-006: Approved External Load Balancers: This rule ensures that web applications are using only approved external load balancers to comply with your organization's security and industry requirements.
- CloudLoadBalancing-007: Configure edge security policies for load balancer backend services: This rule ensures that the backend services associated with your Google Cloud load balancers are protected with edge security policies provided by the Cloud Armor service in order to shield your backend services from a range of potential attacks.
- CloudCDN-003: Configure SSL/TLS certificates for Cloud CDN backend service origins: This rule ensures that Google Cloud CDN backend service origins are using SSL/TLS certificates to enforce HTTPS in order to manage encrypted traffic.