September 29, 2025, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 26 September 2025.

Azure
New Rules
  • NatGateway-001: Check for Private Network Integration: This rule ensures that your Microsoft Azure NAT gateways are associated with designated private subnets within a virtual network (VNet).
  • RedisCache-009: Use Network Security Groups for Azure Cache for Redis Servers: This rule ensures that your Microsoft Azure Cache for Redis servers are configured to use Network Security Groups (NSGs).
  • Functions-001: Enable Integration with Application Insights: This rule ensures that Microsoft Azure functions are configured to use the Application Insights feature.
  • CosmosDB-011: Use Role-Based Access Control for CosmosDB Data Plane Access: This rule ensures that Role-Based Access Control (RBAC) is configured for Azure CosmosDB data plane access.
GCP
New Rules
  • NetworkConnectivity-002: Use Reserved External IPs for Cloud NAT Gateways: This rule ensures that your Google Cloud NAT gateways are configured to use static reserved external IPs to maintain consistent outbound IP addresses, critical for services requiring IP allowlisting, auditing, or compliance.
  • NetworkConnectivity-003: Limit NAT to Specific Subnets Only: This rule ensures that your Google Cloud NAT gateways are mapped only to specific VPC subnets.
  • NetworkConnectivity-004: Use Private Google Access with Cloud NAT: This rule ensures that Private Google Access is enabled for the VPC subnets associated with your Cloud NAT gateways requiring access to Google Cloud services.
  • NetworkConnectivity-005: Enable Logging for Cloud NAT Gateways: This rule ensures that logging is enabled for your Google Cloud NAT gateways.
  • ResourceManager-006: Disable Guest Attributes of Compute Engine Metadata: This rule ensures that 'Disable Guest Attributes of Compute Engine Metadata' organization policy is enforced.
  • ResourceManager-014: Skip Default VPC Network Creation: This rule ensures that 'Skip Default Network Creation' constraint policy is enforced for your Google Cloud Platform (GCP) organizations.
  • ResourceManager-015: Disable Service Account Key Upload: This rule ensures that user-managed service account key upload is disabled within your Google Cloud project, folder, or the entire organization, through the "Disable Service Account Key Upload" organization policy.
  • ResourceManager-018: Restricting the Use of Images: This rule ensures that only images from trusted Google Cloud Platform (GCP) projects are allowed as the source for boot disks for new virtual machine instances.
  • ResourceManager-016: Restrict VPN Peer IPs: This rule ensures that only trusted IPv4 addresses can be configured as VPN peer IPs within your Google Cloud organization.
  • ResourceManager-017: Restrict Authorized Networks on Cloud SQL instances: This rule ensures that the 'Restrict Authorized Networks on Cloud SQL instances' policy is enforced for your Google Cloud Platform (GCP) organization, so that IAM members are denied the ability to add authorized networks that would grant access to your security-critical SQL database instances.
  • ResourceManager-022: Define Allowed External IPs for VM Instances: This rule ensures that the 'Define Allowed External IPs for VM Instances' constraint policy is enforced at the GCP organization level for you to define the set of virtual machine (VM) instances that are allowed to use external IP addresses.