November 17, 2025, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 14 November 2025.
Updated Compliance Standard: Azure Well-Architected Framework: We have updated our support to align with the latest recommendations of the Azure
Well-Architected Framework. Previous versions of Azure Well-Architected will be deprecated
on January 17 2026.
New Rules
Azure
- MachineLearning-010: Check for Subnet Isolation: This rule ensures Machine Learning compute instances are deployed in dedicated subnets.
- MachineLearning-008: Disable SSH Public Access: This rule ensures Machine Learning compute instances have SSH public access disabled.
- MachineLearning-007: Check OS Image Version Currency: This rule ensures compute instances use the latest OS image versions.
- MachineLearning-015: Compute Instance State Management: This rule ensures appropriate monitoring of long-running or idle compute instances is configured.
- ActivityLog-030: Create Alert for Service Health Events: This rule ensures that an activity log alert rule is created for Service Health events.
GCP
- DocumentAI-004: Enable Data Access Audit Logs for Document AI: This rule ensures data access audit logs are enabled for Document AI.
- DocumentAI-001: Implement Least Privilege Access for Document AI using Cloud IAM: This rule ensures that IAM roles with administrative permissions are not assigned to IAM identities users, groups, and service accounts for managing Document AI resources.
AWS
- Bedrock-009: Amazon Bedrock Role Policy Too Permissive: This rule ensures that your AWS service role policies are not overly permissive.
- Bedrock-010: Configure Prompt Attack Strength for AWS Bedrock Guardrails: This rule ensures that prompt attack strength is set to 'HIGH' for your AWS Bedrock guardrails.