April 21, 2026, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 17 April 2026.

New Rules
Azure
  • ContainerRegistry-001: Disable Public Network Access to Container Registries: This rule ensures that public network access to Azure container registries is disabled.
  • ContainerRegistry-002: Disable ARM Audience Token Authentication for Container Registries: This rule ensures that ARM audience token authentication is disabled for Azure container registries.
  • ContainerRegistry-003: Container Registries Encrypted with Customer-Managed Keys: This rule ensures that Customer-Managed Keys (CMKs) are used to encrypt your Azure Container Registry (ACR) data.
  • ContainerRegistry-004: Enable Soft Delete for Container Registries: This rule ensures that Soft Delete is enabled for your Microsoft Azure container registries.
  • ContainerRegistry-005: Enable Trusted Microsoft Service Access for Container Registries: This rule ensures that trusted Microsoft services are allowed to access your network-restricted container registries.
  • ContainerRegistry-006: Use Private Endpoints for Container Registries: This rule ensures that network access to Azure container registries is allowed via private endpoints only.
  • ContainerRegistry-007: Configure IP Network Rules for Container Registries: This rule ensures that IP network rules are configured for your Azure container registries.
  • ContainerRegistry-008: Use Managed Identities for Azure Container Registries: This rule ensures that your Microsoft Azure container registries are using managed identities.
AWS
  • BedrockAgentCore-003: Cross-Service Confused Deputy Prevention for AgentCore: This rule ensures that IAM role trust policies used by Amazon Bedrock AgentCore include aws:SourceArn and aws:SourceAccount condition keys to prevent cross-service confused deputy attacks.
Updated Rules
Azure
  • ActiveDirectory-001: Enable Multi-Factor Authentication for Privileged Users: This rule ensures that Multi-Factor Authentication is enabled for all user credentials that have write access to the cloud resources within your Microsoft Azure account.