August 04, 2025, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 01 August 2025.

New Rules
  • GCP
    • Filestore-001: Use Customer-Managed Encryption Keys for Filestore Data Encryption: This rule ensures that data stored on your Google Cloud Filestore instances is encrypted at rest with Customer-Managed Encryption Keys (CMEK) instead of Google-managed encryption keys.
    • Filestore-002: Restrict Client Access by IP Address or IP Range: This rule ensures that client access to your Google Cloud Filestore instances is limited to specific (trusted) IP addresses or IP address ranges to protect your data against unauthorized access.
    • CloudStorage-012: Bucket Policies with Administrative Permissions: This rule ensures that the IAM policy associated with your Google Cloud Storage buckets does not grant privileged, administrative permissions, in order to promote the Principle of Least Privilege (POLP) and give principals only the minimal amount of access required to perform their tasks.
    • CloudStorage-009: Enable Usage and Storage Logs: This rule ensures that usage and storage logs are enabled for your Google Cloud Storage buckets in order to collect valuable insights into bucket activity, helping monitor access patterns, track costs, detect suspicious behavior, and ensure compliance with security and audit requirements.
    • CloudVPC-008: Check for Unrestricted SMTP Access: This rule ensures that GCP VPC firewall rules do not allow unrestricted inbound access on TCP port 25.
    • CloudVPC-011: Ensure GCP VPC firewall rule logging excludes metadata: This rule ensures that Virtual Private Cloud (VPC) firewall logging is not configured to include logging metadata in order to reduce the size of the log files and optimize cloud storage costs.
    • CloudVPC-017: Ensure no GCP VPC firewall rules allow unrestricted inbound PostgreSQL access: This rule ensures that Google Cloud VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 5432.