Deprecated Features In Hotfix Release 113.1.0
Deprecated Features In Hotfix Release 113.1.0
Here is the list of the deprecated features in this release.
SaaS Security Posture Management (SSPM)
Deprecation of older versions of SSPM Compliance Standards and Predefined Rules
Starting 24 May, 2024, the following compliance standards and predefined rules will be deprecated in SSPM. If any existing SSPM policies include the below compliance standards and predefined rules, it will be replaced with the latest version of the same compliance standards and predefined rules, if available. If there are no similar compliance standards and predefined rules, it will be deleted from the policy. This can trigger new evaluations and the status of compliance may change because of a new set of rules that gets included in the policy.
As an impact, if the deprecated rules are part of policies (directly included or via the Compliance Standards), all findings on these rules will be removed from the latest view. You do not need to take any action.
Following predefined rules are deprecated:
App suite | Rule name | Reason | Recommended action |
Azure AD | Ensure the Password expiration policy is set to ‘Set passwords to never expire (recommended)’ | Microsoft deprecated Azure AD powershell and moved to Graph API instead | Can be replaced by future rules |
Microsoft 365 | Attachments with commonly malicious file types should be blocked | Duplicated Rule, this rule has the same NGL as another predefined rule | Can be replaced by future rules |
Microsoft 365 | Users should be notified when received mail is quarantined as spam | Microsoft has deprecated this property and moved this feature into Quarantine Policy | Can be replaced by future rules |
Microsoft 365 | Ensure audit logging for non-owner mailbox access is enabled | This rule has been deprecated from CIS 1.5 and we do not support CIS before 1.5 | Can be replaced by future rules |
Salesforce | Ensure XSS protection is enabled | Salesforce has deprecated this property and suggest using CSP for replacement | Configure content security policy (CSP) directives for trusted URLs |
Salesforce | Configure CORS allowlist origins | The needed property is not accessible without granting modify all permission which is over privileged to give from the customer | Can be replaced by future rules |
Salesforce | Enable single sign-on | The needed property is not accessible without granting modify all permission which is over privileged to give from the customer | Can be replaced by future rules |
If any of the existing SSPM policies include any of the compliance standards being deprecated, it will be replaced with the latest version of the same compliance standards. This can trigger additional alerts due to new rules being triggered. If there are no similar compliance standards and predefined rules, it will be deleted from the policy.
As an impact, new findings will be generated for all resources that are impacted by the compliance deprecation and additional alerts can be triggered due to new rules being triggered.
Following compliance standards are deprecated:
Compliance Standard | Replacement |
BPR-GITHUB | Netskope Best Practice -> GitHub |
BPR-SALESFORCE | Netskope Best Practice -> Salesforce |
BPR-SERVICENOW | Netskope Best Practice -> ServiceNow |
BPR-WORKDAY | Netskope Best Practice -> Workday |
CIS-Microsoft365_1.5.0 | CIS-MICROSOFT365-3.0 |
CSA-CCM-3.0.1 | CSA-CCM-4.0 |
ISO-27002-2013 | ISO-27002-2022 |
NIST-800-53-4 | NIST-800-53-5 |
PCI-DSS-3.2.1 | PCI-DSS-4.0 |