New hardening settings for baseline 8.0
New hardening settings have been released with Security Center baseline version 7.0.
- Enforce field-level ACLs on records created from the query string of the Filtered List view UI of a table
- Enable multiple (permission policy and boundary) checks to ensure that the Role is privileged in AWS/Bedrock
- Enable Guardian for External Agents
- Enable Identity and Access Audit Tool
- Validate MIME Type of Attachments from Inbound Emails
- Enable Jelly JS Interpolation Protection
- Prohibit Use of KBA as Single Factor for AI Voice
- Require Multi-Factor Authentication for AI Voice Agent
- Log Impersonation History
- Validate MIME Type for Multi-Extension Filenames, Polyglot Files, and Null-Byte Injection
- Enable Jelly JS interpolation protection for nested expressions
- Enable Role Masking for Agents
- Disable Adding Default Roles to Skill ACLs
- Prevent Reuse of REST API Sessions in UI/Web
- Enable Anti-CSRF Token for Userperf
- Track Impersonation Events
- Disable Voice Chat Guest Impersonation
- Prevent OAuth Clients from Using Implicit Grant
- Enforce Scope Access Controls on New Tables