CIS Google Cloud Platform v1.1.0 L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Google Cloud Platform v1.1.0 L2

Updated: 1/4/2023

Authority: Cloud Services

Plugin: GCP

Revision: 1.3

Estimated Item Count: 22

Audit Items

Description Categories
1.3 Ensure that Security Key Enforcement is enabled for all admin accounts
1.8 Ensure that Separation of duties is enforced while assigning service account related roles to users
1.11 Ensure that Separation of duties is enforced while assigning KMS related roles to users
1.12 Ensure API keys are not created for a project
3.1 Ensure that the default network does not exist in a project
3.6 Ensure that SSH access is restricted from the internet
3.7 Ensure that RDP access is restricted from the Internet
3.10 Ensure Firewall Rules for instances behind Identity Aware Proxy (IAP) only allow the traffic from Google Cloud Loadbalancer (GCLB) Health Check and Proxy Addresses
4.7 Ensure VM disks for critical VMs are encrypted with Customer-Supplied Encryption Keys (CSEK)
4.8 Ensure Compute instances are launched with Shielded VM enabled
4.9 Ensure that Compute instances do not have public IP addresses
4.10 Ensure that App Engine applications enforce HTTPS connections
4.11 Ensure that Compute instances have Confidential Computing enabled
5.2 Ensure that Cloud Storage buckets have uniform bucket-level access enabled
6.2.2 Ensure 'log_error_verbosity' database flag for Cloud SQL PostgreSQL instance is set to 'DEFAULT' or stricter
6.2.9 Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
6.2.10 Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
6.2.11 Ensure 'log_executor_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
6.2.12 Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
6.6 Ensure that Cloud SQL database instances do not have public IPs
7.2 Ensure that all BigQuery Tables are encrypted with Customer-managed encryption key (CMEK)
7.3 Ensure that a Default Customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets