Skip to Main Content
IBM Cloud - Structured Ideas


This portal is to open public enhancement requests against IBM Cloud and its products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

IBM Cloud Support Center (https://cloud.ibm.com/unifiedsupport/cases/form) – Use this site for any IBM Cloud defect or support need.

Stack Overflow (https://stackoverflow.com/questions/tagged/ibm-cloud) – Use this site for IBM Cloud technical Q&A using the tag "ibm-cloud".

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Categories Storage
Created by Guest
Created on Jan 31, 2024

The Current IBM CIS Benchmark Scan has a bug/flaw in few of the Controls

1) Ensure Cloud Object Storage encryption is enabled with BYOK

Ensure Cloud Object Storage encryption is enabled with KYOK

Ensure Block Storage is encrypted with BYOK

Ensure Block Storage is encrypted with KYOK

These 4 controls

Due to a flaw in the IBM scan, where it is configured to check for both BYOK and KYOK however, if only one of the methods is selected, the scan will highlight the other one as failed.

please look into this code change and enhancements support case is raised and team agreed there's an flaw and making code changes

2) Ensure OS disk is encrypted with customer managed keys

Ensure data disks are encrypted with customer managed keys

for these two controls Due to a design configuration in the IBM code, this is not possible for the already created Cloud Object Storage/OS Disks/data disks during initial steps

Scenario :
Scans are failing as they can only ignore resources at service level but not at the individual group level. Which means, if some groups need encryption and others don’t, we are unable to ‘ignore’ the ones that do not require hence, the scan throws an error even when encryption is not required on the Cloud Object Storage

the current setup should have an option to suppress the alerts/recommendations/vulnerabilities.
3)
Ensure no VPC access control lists allow ingress from 0.0.0.0/0 to SSH port

Ensure the default security group of every VPC restricts all traffic

Ensure no VPC security groups allow ingress from 0.0.0.0/0 to RDP port

Ensure no VPC security groups allow ingress from 0.0.0.0/0 to SSH port

Ensure no VPC access control lists allow ingress from 0.0.0.0/0 to RDP port

In VPC security groups, when we have a security group with multiple ports (allowed and not allowed ports), the rule should pass. Currently only port is checked. There should be allowed ports along with default ports for a rule to pass.

4)
The new version of CIS profile needed which needs to map updated COS rules
rule-9eb7b514-5c27-43ba-83fc-26d75e0bf695,

rule-ac203dbc-ff0d-49f7-bf11-c08af429cb86.
Map to the IBM CIS benchmark Scan controls [42 total ] as existing Rules has flaws


Idea priority Medium
Needed By Week