
August 11, 2025, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 08 August 2025.

Standards and Compliance Reports deprecation notice
As of 11 August 2025, the following compliance standards have been deprecated:
  • AusGov ISM March 2021
  • NIS Europe OES-2019
Note
These deprecated compliance standards are no longer accessible in the filters, preventing the creation of new reports or report-configurations with these outdated standards. If any existing report configurations include the deprecated compliance standard, it will not be possible to generate new PDF/CSV reports. However, the list of previously generated PDF/CSV reports remains available. We recommend updating your report configurations to use the latest versions of standards.
Coming up next for deprecation:
On 04 October 2025, the following compliance standards will be deprecated:
  • CIS Amazon Web Services Foundations Benchmark v3.0.0
  • CIS Azure Foundations Benchmark v2.0.0
  • CIS Google Cloud Platform Foundation Benchmark v2.0.0
  • The Center for Financial Industry Information Systems (FISC) v9: In anticipation of releasing the latest version of The Center for Financial Industry Information Systems (FISC) compliance standard, the previous version of the standard, v9, will be deprecated. We recommend updating your report configurations to use version 12 of the FISC by **01 June 2025**.
    Note
    These deprecated compliance standards will no longer be accessible in the filters, preventing the creation of new reports or report-configurations with these outdated standards. If any existing report configurations include the deprecated compliance standard, it will not be possible to generate new PDF/CSV reports. However, the list of previously generated PDF/CSV reports remains available.
New Rules
  • GCP
    • CloudVPC-015: Check for Unrestricted FTP Access: This rule ensures that Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP ports 20 and 21.
    • CloudVPC-018: Check for Unrestricted SQL Server Access: This rule ensures that Google Cloud VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 1433.
    • CloudVPC-014: Check for Unrestricted RPC Access: This rule ensures Google Cloud VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 135.
    • CloudVPC-013: Check for Unrestricted DNS Access: This rule ensures Google Cloud VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 53.
    • CloudVPC-007: Check for Unrestricted Oracle Database Access: This rule ensures Google Cloud VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 1521.
    • CloudFunction-007: Configure Minimum Instances for Cloud Functions: This rule ensures Google Cloud Functions have a minimum number of warm instances configured to reduce cold start latency and improve performance.
    • CloudFunction-010: Configure Maximum Instances for Cloud Functions: This rule ensures Google Cloud Functions are configured with a maximum instance limit to prevent uncontrolled scaling and unexpected costs.
    • CloudVPC-020: Ensure no GCP VPC firewall rules allow unrestricted inbound ICMP access: This rule ensures GCP VPC firewall rules don't allow unrestricted (0.0.0.0/0) inbound ICMP access.
    • CloudFunction-005: Publicly Accessible Functions: This rule ensures Google Cloud functions aren't publicly accessible by restricting IAM permissions.
    • ComputeEngine-014: Enable Deletion Protection for VM Instances: This rule ensures deletion protection is enabled for Google Cloud VM instances to prevent accidental termination.
    • ComputeEngine-016: Disable Preemptibility for VM Instances: This rule ensures that your Google Cloud Platform (GCP) projects are not using preemptible virtual machine instances for production and business-critical applications.
    • CloudFunction-009: Check for Unrestricted Outbound Network Access: This rule ensures that your Google Cloud functions are not configured to allow unrestricted outbound network access in order to prevent security vulnerabilities and minimize cloud costs.
    • CloudStorage-011: Enforce Public Access Prevention: This rule ensures that the Public Access Prevention feature is enabled for your Google Cloud Storage buckets in order to restrict public access to your buckets and objects, protecting your sensitive data from accidental or malicious public exposure.
    • CloudVPC-016: Ensure no GCP VPC firewall rules allow unrestricted outbound access on all ports: This rule ensures GCP VPC firewall rules don't allow unrestricted (0.0.0.0/0) outbound access on all TCP and UDP ports to any destination, reducing the risk of data exfiltration and communication with malicious entities.
    • CloudStorage-007: Enable Object Versioning for Cloud Storage Buckets: This rule ensures Cloud Storage buckets are configured with object versioning to protect data from accidental overwrites or deletions.
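
The unrestricted-access port checks listed above (CloudVPC-007, -013, -014, -015 and -018), as an added example that is not Trend Micro's rule implementation: a Python check over firewall rules in the Compute Engine API's JSON shape, including port ranges that contain a checked port. The sample rules are constructed, and skipping disabled rules is an assumption of this example.

```python
# Added example: flags GCP VPC ingress rules open to 0.0.0.0/0 on the TCP
# ports named by the CloudVPC rules above. Not Conformity's own logic.

# Rule ID -> TCP ports, taken from the rule descriptions on this page.
CHECKS = {
    "CloudVPC-015": {20, 21},   # FTP
    "CloudVPC-018": {1433},     # SQL Server
    "CloudVPC-014": {135},      # RPC
    "CloudVPC-013": {53},       # DNS
    "CloudVPC-007": {1521},     # Oracle Database
}

def covers(port_specs, port):
    """True if a firewall 'ports' list ("80", "20-21") includes port.
    An absent or empty list means every port of that protocol."""
    if not port_specs:
        return True
    for spec in port_specs:
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def findings(firewall_rules):
    """Return sorted (rule_id, firewall_name) pairs for enabled ingress
    rules that allow 0.0.0.0/0 to reach a checked TCP port."""
    hits = set()
    for fw in firewall_rules:
        # Assumption: disabled rules are skipped; direction defaults to INGRESS.
        if fw.get("disabled") or fw.get("direction", "INGRESS") != "INGRESS":
            continue
        if "0.0.0.0/0" not in fw.get("sourceRanges", []):
            continue
        for allow in fw.get("allowed", []):
            if allow.get("IPProtocol") not in ("tcp", "all"):
                continue
            for rule_id, ports in CHECKS.items():
                if any(covers(allow.get("ports"), p) for p in ports):
                    hits.add((rule_id, fw["name"]))
    return sorted(hits)

# Constructed sample input (not real project data).
SAMPLE = [
    {"name": "allow-ftp", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["20-21"]}]},
    {"name": "allow-db-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["1400-1600"]}]},
    {"name": "internal-sql", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["1433"]}]},
    {"name": "old-rpc", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["135"]}]},
]
```

The same function accepts the parsed output of `gcloud compute firewall-rules list --format=json`, which uses these field names.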