August 04, 2025, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 01 August 2025.
New Rules
- GCP
  - Filestore-001: Use Customer-Managed Encryption Keys for Filestore Data Encryption: This rule ensures that data stored on your Google Cloud Filestore instances is encrypted at rest with Customer-Managed Encryption Keys (CMEK) instead of Google-managed encryption keys.
  - Filestore-002: Restrict Client Access by IP Address or IP Range: This rule ensures that client access to your Google Cloud Filestore instances is limited to specific (trusted) IP addresses or IP address ranges to protect your data against unauthorized access.
  - CloudStorage-012: Bucket Policies with Administrative Permissions: This rule ensures that the IAM policy associated with your Google Cloud Storage buckets does not grant privileged, administrative permissions, in order to promote the Principle of Least Privilege (POLP) and give principals only the minimal amount of access required to perform their tasks.
  - CloudStorage-009: Enable Usage and Storage Logs: This rule ensures that usage and storage logs are enabled for your Google Cloud Storage buckets in order to collect valuable insights into bucket activity, helping monitor access patterns, track costs, detect suspicious behavior, and ensure compliance with security and audit requirements.
  - CloudVPC-008: Check for Unrestricted SMTP Access: This rule ensures that GCP VPC firewall rules do not allow unrestricted inbound access on TCP port 25.