May 2023 Product Update
New releases from the
Stax product team.
COST & COMPLIANCE
Rule bundle for
PCI DSS
Support for automated security checks aligned to the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 to help organizations that accept, process, store, or transmit payment card data. This new Rule Bundle includes 17 new security controls that are unique to this bundle and a total of 42 controls across 17 AWS services.


Access to Stax-managed Cost and Usage Report data in S3
Access your raw Stax Cost and Usage (CUR) data in S3 to better manage your AWS costs through greater cost transparency, flexibility and advanced integration with your existing data pipelines, and other analytics tools. Analyze your CUR data in granular detail, gaining insights tailored to your specific business needs and goals.
CIS Benchmark version 1.5.0
Stax has introduced support for the Center for Internet Security's Amazon Web Services Foundations Benchmark version 1.5.0. To enable this new version of the Bundle, see Keep Bundles Up To Date.


Rules UI Re-design
Compliance UI changes designed to simplify the process of viewing and managing compliance across your AWS environment. These changes will provide users with enhanced visibility into their compliance status, as well as improved functionality for accessing and utilizing compliance resources.
Export your Compliance Summary to PDF
With just a few clicks, generate a PDF report of their compliance summary, including your overall bundle compliance score and failing and passing resource summary.
The PDF report can be saved and shared with colleagues, auditors, and other stakeholders, providing a convenient way to keep everyone up-to-date on compliance status and demonstrate your organization's commitment to regulatory compliance and risk management.

IDENTITY

Permission Sets API enablement
Customers can now manage Permission Sets through the Stax API. See the documentation to read, create, update and delete Permission Sets.
Synchronize identities from Azure AD to Stax using SCIM
With System for Cross-domain Identity Management (SCIM) your users identity lifecycle including roles can be managed centrally from your Identity provider and automatically synchronised with Stax.
With SCIM, Stax allows you to automate the provisioning and distribution of updates to user groups and permissions. With this approach the risk of human error and incorrect access is greatly reduced.

SOLUTIONS

Datadog Connection: Integration Accelerator
Stax Connections is a catalog of solutions that you can easily integrate within just a few clicks.
The Datadog Connection deploys Datadog’s IAM role into selected accounts, sending Cloudwatch metrics to your Datadog instance for instant AWS infrastructure monitoring.
By leveraging the Stax platform, this removes the need for teams to understand integration requirements, determine deployment mechanisms, gain access to accounts, store parameters, and manage failures. Ultimately, giving time back to teams to work on higher value tasks. Estimated release date: JUN '23 (Private Preview)
PLATFORM

Discover accounts via the Stax console
Discover accounts within your AWS organization that have not been onboarded onto Stax via the console. This feature is now available on the Accounts page. Simply click the Organization Details icon on the top right. Once discovered, you can onboard these accounts into Stax to leverage the platform's features.
Search for all Accounts via the console
The Accounts page within the console now allows users to search for any account that exists within a user's AWS Organization. The search function will accept a variety of terms, including Account name, AWS Account ID and Account Type.
Users will also be able to experience a faster load speed of the Accounts page. To try out this new functionality, click Organization on the left-hand nav and select Accounts.


Improvement to creating and updating resources
Stax is streamlining our internal processes to improve the customer experience when creating and updating resources using Stax. This will include resource locks to avoid conflicting changes on the same account resource.
Stax-managed
Security Hub
As part of Stax’s well-architected foundation, Stax allows you to implement and manage AWS Security Hub with the following configuration to ensure any new or existing accounts are consistently being assessed for security threats:
• Enabled for all accounts in the AWS Organization within all
supported regions.
• Security foundation account assigned as the delegated administrator.
• Organization findings centralized in the Security foundation account in the AWS region of your Stax Installation Region.
AWS Security Hub also offers prepackaged security standards. Stax gives you a way to easily configure these standards for all accounts within any of the supported regions of your choosing from a single location, rather than enable them individually for each account and region. To learn how to get started with Stax-managed Security Hub, see the documentation.


Stax-managed GuardDuty Configuration
Choose to opt-in to Stax-managed GuardDuty, which implements the below Amazon GuardDuty configuration by default:
- Enables GuardDuty for all accounts within your AWS Organization
- Assigns the Security account as the designated administrator
- Centralizes findings within the Security account
- Exports all GuardDuty findings to an S3 bucket in the Logging account
Customers also have the ability to configure the below GuardDuty settings across all accounts and regions:
- S3 Protection
- EKS Protection
- Lambda Protection
- Malware Protection
- RDS Protection
- S3 Protection
- Findings Export Frequency
By allowing customers to opt-in to GuardDuty, customers now have the option of keeping their existing configuration of GuardDuty when they onboard onto Stax or allowing Stax to manage it on their behalf.