CIS Google Cloud Platform v1.3.0 L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Google Cloud Platform v1.3.0 L2

Updated: 12/4/2023

Authority: CIS

Plugin: GCP

Revision: 1.2

Estimated Item Count: 23

Audit Items

DescriptionCategories
1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts
1.8 Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users
1.11 Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users
1.12 Ensure API Keys Are Not Created for a Project
1.17 Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
2.3 Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
2.13 Ensure Cloud Asset Inventory Is Enabled
2.15 Ensure 'Access Approval' is 'Enabled'
3.1 Ensure That the Default Network Does Not Exist in a Project
3.6 Ensure That SSH Access Is Restricted From the Internet
3.7 Ensure That RDP Access Is Restricted From the Internet
3.10 Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'
4.7 Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)
4.8 Ensure Compute Instances Are Launched With Shielded VM Enabled
4.9 Ensure That Compute Instances Do Not Have Public IP Addresses
4.10 Ensure That App Engine Applications Enforce HTTPS Connections
4.11 Ensure That Compute Instances Have Confidential Computing Enabled
4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects
5.2 Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
6.2.1 Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
6.6 Ensure That Cloud SQL Database Instances Do Not Have Public IPs
7.2 Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets