September 1, 2025, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 29 August 2025.

Azure
  • CosmosDB-010: Azure Cosmos DB Accounts Encrypted with Customer-Managed Keys: This rule ensures that your Azure Cosmos DB accounts are encrypted at rest using Customer-Managed Keys (CMKs) held in Azure Key Vault rather than the Microsoft-managed keys Azure uses by default.
  • CosmosDB-007: Check for Virtual Network Integration: This rule ensures that access to Azure Cosmos DB accounts is restricted to selected Azure virtual network (VNet) subnets rather than being reachable from any network.
  • CosmosDB-005: Define Firewall Rules for Azure Cosmos DB Accounts: This rule ensures that Azure Cosmos DB accounts have at least one IP firewall rule defined so that only trusted client address ranges are allowed.
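The three Cosmos DB checks above can be evaluated offline against the account's ARM `DatabaseAccount` JSON (for example the output of `az cosmosdb show`). The following is an added example written for this page, not Conformity's own rule engine; it assumes the property names `keyVaultKeyUri`, `isVirtualNetworkFilterEnabled`, `virtualNetworkRules`, `ipRules` and the legacy `ipRangeFilter` as exposed by the Cosmos DB resource provider, and the sample accounts are constructed. It also applies a caveat a practitioner would want: an IP rule that admits `0.0.0.0/0` does not count as trusted access for CosmosDB-005, and a VNet filter flag with no subnet rules does not satisfy CosmosDB-007.

```python
"""Evaluate an Azure Cosmos DB account (ARM DatabaseAccount JSON) against
CosmosDB-010 (CMK), CosmosDB-007 (VNet integration) and CosmosDB-005 (IP firewall).
Added example; property names are assumed from the Cosmos DB resource provider."""
from typing import Dict, List

# Ranges that must not count as a "trusted" firewall rule for CosmosDB-005.
UNRESTRICTED_RANGES = {"0.0.0.0/0", "::/0"}


def _ip_rules(props: Dict) -> List[str]:
    """Collect IP firewall entries from the current ipRules array and the
    legacy comma-separated ipRangeFilter string, dropping blanks."""
    entries = [r.get("ipAddressOrRange", "") for r in props.get("ipRules", [])]
    entries += props.get("ipRangeFilter", "").split(",")
    return [e.strip() for e in entries if e.strip()]


def check_cosmos_account(account: Dict) -> Dict[str, bool]:
    """Return {rule_id: passed} for the three checks."""
    props = account.get("properties", {})

    # CosmosDB-010: a Key Vault key URI is present only when encryption at rest
    # uses a customer-managed key; absent means Microsoft-managed keys.
    cmk = bool(props.get("keyVaultKeyUri"))

    # CosmosDB-007: the VNet filter must be on AND at least one subnet rule
    # must exist; the flag alone with no rules restricts nothing.
    vnet_rules = [r for r in props.get("virtualNetworkRules", []) if r.get("id")]
    vnet = props.get("isVirtualNetworkFilterEnabled") is True and bool(vnet_rules)

    # CosmosDB-005: at least one IP rule that is not an all-addresses range.
    trusted_ips = [e for e in _ip_rules(props) if e not in UNRESTRICTED_RANGES]

    return {"CosmosDB-010": cmk, "CosmosDB-007": vnet, "CosmosDB-005": bool(trusted_ips)}


def failing_checks(account: Dict) -> List[str]:
    """Sorted list of rule IDs the account fails (empty when compliant)."""
    return sorted(rule for rule, ok in check_cosmos_account(account).items() if not ok)


# Constructed sample accounts (not real resources).
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"
             "/providers/Microsoft.Network/virtualNetworks/vnet-app/subnets/snet-app")

WEAK_ACCOUNT = {
    "name": "cosmos-weak",
    "properties": {"isVirtualNetworkFilterEnabled": False, "ipRules": []},
}
# CMK and VNet configured, but the single IP rule opens the account to everyone.
OPEN_IP_ACCOUNT = {
    "name": "cosmos-open",
    "properties": {
        "keyVaultKeyUri": "https://kv-example.vault.azure.net/keys/cosmos-cmk",
        "isVirtualNetworkFilterEnabled": True,
        "virtualNetworkRules": [{"id": SUBNET_ID}],
        "ipRules": [{"ipAddressOrRange": "0.0.0.0/0"}],
    },
}
HARDENED_ACCOUNT = {
    "name": "cosmos-hardened",
    "properties": {
        "keyVaultKeyUri": "https://kv-example.vault.azure.net/keys/cosmos-cmk",
        "isVirtualNetworkFilterEnabled": True,
        "virtualNetworkRules": [{"id": SUBNET_ID}],
        "ipRules": [{"ipAddressOrRange": "203.0.113.0/24"}],
    },
}

if __name__ == "__main__":
    for acct in (WEAK_ACCOUNT, OPEN_IP_ACCOUNT, HARDENED_ACCOUNT):
        print(acct["name"], failing_checks(acct) or "all checks pass")
```

Feed it the JSON of each account in a subscription and alert on any non-empty `failing_checks` result; the `OPEN_IP_ACCOUNT` sample shows why a naive "is `ipRules` non-empty" test is not enough.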
GCP
  • GKE-029: Enable Workload Identity Federation: This rule ensures that Workload Identity Federation is enabled for your Google Kubernetes Engine (GKE) clusters to securely connect to Google Cloud APIs from Kubernetes workloads.
  • GKE-026: Enable Critical Notifications: This rule ensures that Critical Notifications are enabled for your Google Kubernetes Engine (GKE) clusters to receive important Pub/Sub messages from Google Cloud about upgrades, security bulletins, and other relevant information.
  • CloudVPC-010: Ensure no GCP VPC firewall rules allow unrestricted inbound MySQL access: This rule flags VPC firewall rules that allow ingress from any source (0.0.0.0/0) to TCP port 3306, the default MySQL port.
  • CloudVPC-012: Ensure no GCP VPC firewall rules allow unrestricted inbound access on uncommon ports: This rule flags VPC firewall rules that allow ingress from any source (0.0.0.0/0) to ports outside the set of well-known service ports, which usually indicates an ad hoc opening rather than a deliberate, reviewed exposure.
  • SecretManager-001: Implement Least Privilege Access for Secret Manager Secrets using Cloud IAM: This rule ensures that IAM roles with administrative permissions are not assigned to IAM identities (users, groups, and service accounts) managing Secret Manager secrets.
  • CloudStorage-014: Check for Sufficient Data Retention Period: This rule ensures that the objects stored within your Google Cloud Storage buckets have a sufficient data retention period configured for security and compliance purposes.
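The two CloudVPC checks above come down to the same question asked of each firewall rule: which TCP ports does this rule open to the whole internet? The following added example (written for this page, not Conformity's own rule logic) answers that question over the JSON shape returned by `gcloud compute firewall-rules list --format=json`, using the real resource fields `direction`, `sourceRanges`, `sourceTags`, `sourceServiceAccounts`, `disabled` and `allowed[].IPProtocol`/`allowed[].ports`. Two things are assumptions: the list of "common" ports (Conformity's own list is not given here; ports with a dedicated rule such as 3306 are excluded from the uncommon-port finding so each exposure is reported once), and the sample rules, which are constructed. It handles the edge cases that trip up grep-style checks: port ranges, `IPProtocol: all` with no port list, `::/0`, disabled rules, and a rule with no source filter at all (which the API treats as 0.0.0.0/0).

```python
"""Evaluate GCP Compute Engine firewall rules against CloudVPC-010 (unrestricted
MySQL ingress) and CloudVPC-012 (unrestricted ingress on uncommon ports).
Added example; the COMMON_PORTS list is an assumption, not Conformity's list."""
from typing import Dict, List, Set

UNRESTRICTED_SOURCES = {"0.0.0.0/0", "::/0"}
MYSQL_PORT = 3306
# Assumption: ports treated as "common". 3306 is included so that an open MySQL
# port is reported once, under CloudVPC-010, rather than under both rules.
COMMON_PORTS = {22, 80, 443, 3306, 3389}
ALL_PORTS = range(1, 65536)


def _expand_ports(ports: List[str]) -> Set[int]:
    """'3306' -> {3306}; '8000-8002' -> {8000, 8001, 8002}."""
    out: Set[int] = set()
    for spec in ports:
        lo, _, hi = spec.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def _is_unrestricted_ingress(rule: Dict) -> bool:
    """True if an enabled INGRESS rule admits traffic from any address."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return False
    sources = set(rule.get("sourceRanges", []))
    other_filter = rule.get("sourceTags") or rule.get("sourceServiceAccounts")
    # No source filter of any kind means the API default of 0.0.0.0/0.
    if not sources and not other_filter:
        return True
    return bool(sources & UNRESTRICTED_SOURCES)


def internet_exposed_tcp_ports(rule: Dict) -> Set[int]:
    """TCP ports this rule opens to the whole internet (empty set if none)."""
    if not _is_unrestricted_ingress(rule):
        return set()
    exposed: Set[int] = set()
    for entry in rule.get("allowed", []):
        proto = entry.get("IPProtocol", "").lower()
        if proto not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:            # no port list means every port for that protocol
            return set(ALL_PORTS)
        exposed |= _expand_ports(ports)
    return exposed


def evaluate_rule(rule: Dict) -> List[str]:
    """Rule IDs (CloudVPC-010 / CloudVPC-012) this firewall rule violates."""
    exposed = internet_exposed_tcp_ports(rule)
    findings = []
    if MYSQL_PORT in exposed:
        findings.append("CloudVPC-010")
    if exposed - COMMON_PORTS:
        findings.append("CloudVPC-012")
    return findings


def evaluate_rules(rules: List[Dict]) -> Dict[str, List[str]]:
    return {r["name"]: evaluate_rule(r) for r in rules}


# Constructed sample rules (not from a real project).
def _ingress(name, allowed, sources=None, **extra):
    rule = {"name": name, "direction": "INGRESS", "allowed": allowed}
    if sources is not None:
        rule["sourceRanges"] = sources
    rule.update(extra)
    return rule

SAMPLE_RULES = [
    _ingress("allow-mysql-world", [{"IPProtocol": "tcp", "ports": ["3306"]}], ["0.0.0.0/0"]),
    _ingress("allow-dev-range", [{"IPProtocol": "tcp", "ports": ["8000-8100"]}], ["0.0.0.0/0"]),
    _ingress("allow-mysql-internal", [{"IPProtocol": "tcp", "ports": ["3306"]}], ["10.0.0.0/8"]),
    _ingress("allow-everything", [{"IPProtocol": "all"}], ["::/0"]),
    _ingress("allow-mysql-disabled", [{"IPProtocol": "tcp", "ports": ["3306"]}], ["0.0.0.0/0"], disabled=True),
    _ingress("allow-https", [{"IPProtocol": "tcp", "ports": ["443"]}], ["0.0.0.0/0"]),
    _ingress("allow-udp-syslog", [{"IPProtocol": "udp", "ports": ["514"]}], ["0.0.0.0/0"]),
    _ingress("allow-alt-ssh-nofilter", [{"IPProtocol": "tcp", "ports": ["2222"]}]),  # no source filter
]

if __name__ == "__main__":
    for name, findings in evaluate_rules(SAMPLE_RULES).items():
        print(f"{name:26} {findings or 'ok'}")
```

Pipe the output of `gcloud compute firewall-rules list --format=json` into `evaluate_rules` and treat any non-empty finding list as a violation; the `allow-alt-ssh-nofilter` and `allow-everything` samples are the cases a simple search for the string `0.0.0.0/0` and `3306` would miss.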