Release 2.9
March 19, 2024
What’s New?
TotalCloud 2.9 brings updates to cloud connectors, mandates, and controls.
Common Features
Common features introduced to the TotalCloud application in this release.
Migration of Unmerged Azure and GCP CSPM Connectors
With this release, unmerged CSPM connectors of Azure and GCP accounts in the TotalCloud app are automatically migrated to the Connectors app. This merge allows you to enable all the additional connector features, such as VM scans. This merge does not impact current connector operations.
Refer to the image to view CSPM connectors before merging with the Connectors app.
Refer to the image to view CSPM connectors after merging with the Connectors app.
If there are Azure CSPM connectors in TotalCloud with the same subscription ID as an Azure Asset Inventory Connector, they are not migrated and remain available in the TotalCloud app. These conflicting connectors are planned to be merged in subsequent releases.
New Mandates
With this release, we bring new mandates in support of FedRAMP and ISO/IEC 27001:2022.
Doc ID | Document Name | Publisher | Version |
---|---|---|---|
9521 | Federal Risk and Authorization Management Program (FedRAMP H) - High Security Baseline | Federal CIO Council | Rev.5 |
9543 | Federal Risk and Authorization Management Program (FedRAMP LI-SaaS) - LI-SaaS Security Baseline | Federal CIO Council | Rev.5 |
9541 | Federal Risk and Authorization Management Program (FedRAMP M) - Moderate Security Baseline | Federal CIO Council | Rev.5 |
9542 | Federal Risk and Authorization Management Program (FedRAMP L) - Low Security Baseline | Federal CIO Council | Rev.5 |
9561 | ISO/IEC 27001:2022 | Joint Technical Committee (JTC) 1/SC 27 of the International Organization for Standardization (ISO) | Third Edition 2022-10 |
Control Changes
Changes introduced to controls in this release.
New Controls in CIS Oracle Cloud Infrastructure Foundation Benchmark Policy
CID | Title | Service | Resource |
---|---|---|---|
40024 | Ensure permissions on all resources are given only to the tenancy administrator group. | IAM | POLICY |
40025 | Ensure IAM administrators cannot update the tenancy administrators group. | IAM | POLICY |
40026 | Ensure IAM password policy requires a minimum length of 14 characters. | IAM | IAM_PASSWORD_POLICY |
40027 | Ensure default tags are used on resources. | IAM | COMPARTMENT |
40036 | Ensure an Event Rule is configured for security list changes. | EVENTS_SERVICE | RULE |
40037 | Ensure an Event Rule is configured for network security group changes. | EVENTS_SERVICE | RULE |
40038 | Ensure an Event Rule is configured for changes to network gateways. | EVENTS_SERVICE | RULE |
40040 | Ensure Cloud Guard is enabled in the root compartment of the tenancy. | CLOUD_GUARD | CLOUD_GUARD |
40041 | Ensure an Event Rule is configured for Oracle Cloud Guard problems detected. | EVENTS_SERVICE | RULE |
40029 | Ensure an Event Rule is configured for Identity Provider changes. | EVENTS_SERVICE | RULES |
40030 | Ensure an Event Rule is configured for IDP group mapping changes. | EVENTS_SERVICE | RULES |
40031 | Ensure an Event Rule is configured for IAM group changes. | EVENTS_SERVICE | RULES |
40032 | Ensure an Event Rule is configured for IAM policy changes. | EVENTS_SERVICE | RULES |
40033 | Ensure an Event Rule is configured for user changes. | EVENTS_SERVICE | RULES |
40034 | Ensure an Event Rule is configured for VCN changes. | EVENTS_SERVICE | RULES |
40035 | Ensure an Event Rule is configured for changes to route tables. | EVENTS_SERVICE | RULES |
40044 | Ensure Block Volumes are encrypted with Customer Managed Keys (CMK). | STORAGE | BLOCK_VOLUME |
40045 | Ensure boot volumes are encrypted with Customer Managed Key (CMK). | STORAGE | BOOT_VOLUME |
40046 | Ensure File Storage Systems are encrypted with Customer Managed Keys (CMK). | STORAGE | FILE_SYSTEM |
40047 | Create at least one compartment in your tenancy to store cloud resources. | IAM | COMPARTMENT |
Controls Migrated from 'OCI Best Practices Policy' to 'CIS Oracle Cloud Infrastructure Foundation Benchmark'
CID | Title | Service | Resource |
---|---|---|---|
40001 | Ensure Secure Boot is enabled on Compute Instance. | STORAGE | BOOT_VOLUME |
40002 | Ensure Compute Instance boot volume has in-transit data encryption enabled. | STORAGE | BOOT_VOLUME |
Issues Addressed
- We updated the detection logic of the following controls to resolve false positive cases: CID 177, 178, 355, 50093, 52013, 52014, 52015, 52016, 52017, and 52032.
- We fixed an issue where the inventory APIs failed to show data past 24 hours due to a condition in the query logic.