GCP Knowledge Bases

1.1 Ensure Corporate Login Credentials Are Used (Manual)
Profile Applicability: Level 1 Description: It is recommended to use corporate login credentials instead of personal or consumer accounts (e.g., Gmail ac...
Tue, 28 Jan, 2025 at 12:31 AM
1.2 Ensure Multi-Factor Authentication is Enabled for All Non-Service Accounts (Manual)
Profile Applicability: Level 1 Description: Enable multi-factor authentication (MFA) for all non-service accounts in Google Cloud Platform (GCP) to enhan...
Tue, 28 Jan, 2025 at 12:32 AM
1.3 Ensure Security Key Enforcement is Enabled for All Admin Accounts (Manual)
Profile Applicability: Level 2 Description: Enable Security Key Enforcement for all Google Cloud Platform (GCP) admin accounts to enhance account securit...
Tue, 28 Jan, 2025 at 12:46 AM
1.4 Ensure Only GCP-Managed Service Account Keys Are Used for Each Service Account (Automated)
Profile Applicability: Level 1 Description: Service accounts should not use user-managed keys. Only GCP-managed keys should be used to enhance security a...
Tue, 28 Jan, 2025 at 12:47 AM
1.5 Ensure Service Accounts Do Not Have Admin Privileges (Automated)
Profile Applicability: Level 1 Description: Service accounts are special Google accounts assigned to applications or virtual machines (VMs) to interact w...
Tue, 28 Jan, 2025 at 1:49 AM
1.6 Ensure IAM Users Are Not Assigned Service Account User or Service Account Token Creator Roles at the Project Level (Automated)
Profile Applicability: Level 1 Description: The roles Service Account User (iam.serviceAccountUser) and Service Account Token Creator (iam.serviceAccount...
Tue, 28 Jan, 2025 at 2:01 AM
1.7 Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer (Automated)
Profile Applicability: Level 1 Description: Service account keys, including a key ID and private key, are used to authenticate programmatic requests to G...
Tue, 28 Jan, 2025 at 2:34 AM
1.8 Ensure Separation of Duties Is Enforced When Assigning Service Account Roles to Users (Automated)
Profile Applicability: Level 2 Description: To maintain security best practices, the principle of Separation of Duties should be enforced when assigning ...
Tue, 28 Jan, 2025 at 3:41 AM
1.9 Ensure Cloud KMS Cryptokeys Are Not Accessible to Anonymous or Public Users (Automated)
Profile Applicability: Level 1 Description: The IAM policies for Cloud KMS cryptokeys should be configured to prevent access by allUsers or allAuthentica...
Wed, 29 Jan, 2025 at 2:52 AM
1.11 Ensure Separation of Duties Is Enforced When Assigning KMS Roles to Users (Automated)
Profile Applicability: Level 2 Description: The principle of Separation of Duties should be applied when assigning roles related to Google Cloud Key Mana...
Wed, 29 Jan, 2025 at 3:02 AM