May 2023 Product Update

New releases from the
Stax product team.

COST & COMPLIANCE

Rule bundle for
PCI DSS

Support for automated security checks aligned to the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 to help organizations that accept, process, store, or transmit payment card data. This new Rule Bundle includes 17 new security controls that are unique to this bundle and a total of 42 controls across 17 AWS services.

Rule bundle for 
PCI DSS.png.png
Access to Stax-managed Cost and Usage Report data in S3

Access to Stax-managed Cost and Usage Report data in S3

Access your raw Stax Cost and Usage (CUR) data in S3 to better manage your AWS costs through greater cost transparency, flexibility and advanced integration with your existing data pipelines, and other analytics tools. Analyze your CUR data in granular detail, gaining insights tailored to your specific business needs and goals.

CIS Benchmark version 1.5.0

Stax has introduced support for the Center for Internet Security's Amazon Web Services Foundations Benchmark version 1.5.0. To enable this new version of the Bundle.

CIS Benchmark version 1.5.0
Rules UI Re-design

Rules UI Re-design

Compliance UI changes designed to simplify the process of viewing and managing compliance across your AWS environment. These changes will provide users with enhanced visibility into their compliance status, as well as improved functionality for accessing and utilizing compliance resources.

Export your Compliance Summary to PDF

With just a few clicks, generate a PDF report of their compliance summary, including your overall bundle compliance score and failing and passing resource summary.

The PDF report can be saved and shared with colleagues, auditors, and other stakeholders, providing a convenient way to keep everyone up-to-date on compliance status and demonstrate your organization's commitment to regulatory compliance and risk management.

Export your Compliance Summary to PDF
IDENTITY
Permission Sets API enablement

Permission Sets API enablement

Customers can now manage Permission Sets through the Stax API. See the documentation to read, create, update and delete Permission Sets.

Synchronize identities from Azure AD to Stax using SCIM

With System for Cross-domain Identity Management (SCIM) your users identity lifecycle including roles can be managed centrally from your Identity provider and automatically synchronised with Stax.

With SCIM, Stax allows you to automate the provisioning and distribution of updates to user groups and permissions. With this approach the risk of human error and incorrect access is greatly reduced.

Synchronize identities from Azure AD to Stax using SCIM
PLATFORM
Discover accounts via the Stax console

Discover accounts via the Stax console

 

Discover accounts within your AWS organization that have not been onboarded onto Stax via the console. This feature is now available on the Accounts page. Simply click the Organization Details icon on the top right. Once discovered, you can onboard these accounts into Stax to leverage the platform's features.

Search for all Accounts via the console

The Accounts page within the console now allows users to search for any account that exists within a user's AWS Organization. The search function will accept a variety of terms, including Account name, AWS Account ID and Account Type.

Users will also be able to experience a faster load speed of the Accounts page. To try out this new functionality, click Organization on the left-hand nav and select Accounts.

Search for all Accounts via the console
Search for all Accounts via the console

Improvement to creating and updating resources

 

Stax is streamlining our internal processes to improve the customer experience when creating and updating resources using Stax. This will include resource locks to avoid conflicting changes on the same account resource.

Stax-managed
Security Hub

As part of Stax’s well-architected foundation, Stax allows you to implement and manage AWS Security Hub with the following configuration to ensure any new or existing accounts are consistently being assessed for security threats:

• Enabled for all accounts in the AWS Organization within all
supported regions.

• Security foundation account assigned as the delegated administrator.

• Organization findings centralized in the Security foundation account in the AWS region of your Stax Installation Region.

AWS Security Hub also offers prepackaged security standards. Stax gives you a way to easily configure these standards for all accounts within any of the supported regions of your choosing from a single location, rather than enable them individually for each account and region. To learn how to get started with Stax-managed Security Hub, see the documentation.

Stax-managed 
Security Hub.png.png
GuardDuty

Stax-managed GuardDuty Configuration

Choose to opt-in to Stax-managed GuardDuty, which implements the below Amazon GuardDuty configuration by default:

  • Enables GuardDuty for all accounts within your AWS Organization
  • Assigns the Security account as the designated administrator
  • Centralizes findings within the Security account
  • Exports all GuardDuty findings to an S3 bucket in the Logging account

Customers also have the ability to configure the below GuardDuty settings across all accounts and regions:

  • S3 Protection
  • EKS Protection
  • Lambda Protection
  • Malware Protection
  • RDS Protection
  • S3 Protection
  • Findings Export Frequency

By allowing customers to opt-in to GuardDuty, customers now have the option of keeping their existing configuration of GuardDuty when they onboard onto Stax or allowing Stax to manage it on their behalf.

Estimated release date: APR-JUN '23 (General Availability)