March 16, 2026, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 13 March 2026.
New Rules
GCP
- Spanner-002: Enable Default Backup Schedules for Cloud Spanner Instances: This rule ensures that your Google Cloud Spanner instances have default backup schedules enabled to automatically protect new databases with scheduled backups.
OCI
- OCI-Functions-002: Check for Least Privilege IAM Policies for Function Invocation: This rule ensures that IAM policies controlling access to OCI Functions follow the principle of least privilege by granting only the minimum permissions necessary.
- OCI-Functions-004: Check for Separation of Function Management and Invocation Permissions: This rule ensures that IAM policies separate function management permissions from function invocation permissions to enforce the principle of separation of duties.
- OCI-Functions-005: Check for Resource-Level Access Controls in Function IAM Policies: This rule ensures that IAM policies implement resource-level access controls for OCI Functions using specific application or function OCIDs in policy conditions.
- OCI-IAM-020: Rotate User SMTP Credentials: This rule ensures that IAM user SMTP credentials are rotated on a periodic basis to follow security best practices.
AWS
- EKS-007: Ensure EKS Clusters Have Private Endpoint Enabled and Public Access Disabled: This rule ensures that Amazon EKS clusters are configured with private endpoint access enabled and public endpoint access disabled to restrict Kubernetes API access to within the VPC.
