πŸ›‘οΈ Google Cloud Asset Inventory API is not enabled🟒

  • Contextual name: πŸ›‘οΈ Asset Inventory API is not enabled🟒
  • ID: /ce/ca/google/api/cloud-asset-inventory
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: RELIABILITY

Description

GCP Cloud Asset Inventory is a service that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.

Cloud Asset Inventory Service (CAIS) API enablement is not required for operation of the service, but rather enables the mechanism for searching/exporting CAIS asset data directly.

Rationale

The GCP resources and IAM policies captured by GCP Cloud Asset Inventory enable security analysis, resource change tracking, and compliance auditing.

It is recommended that GCP Cloud Asset Inventory be enabled for all GCP projects.

Audit

From Google Cloud Console

Ensure that the Cloud Asset API is enabled:

  1. Go to API & Services/Library by visiting https://console.cloud.google.com/apis/library
  2. Search for Cloud Asset API and select the result for Cloud Asset API
  3. Ensure that API Enabled is displayed.

Remediation

From Google Cloud Console

Enable the Cloud Asset API:

  1. Go to API & Services/Library by visiting https://console.cloud.google.com/apis/library
  2. Search for Cloud Asset API and select the result for Cloud Asset API
  3. Click the ENABLE button.

From Google Cloud CLI

Enable the Cloud Asset API:

  1. Enable the Cloud Asset API through the services interface:

         gcloud services enable cloudasset.googleapis.com
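
A CLI counterpart to the console audit, as an added example that is not part of the original policy page: for each project ID passed as an argument, it reports whether `cloudasset.googleapis.com` appears among the enabled services. The function names and the ENABLED/DISABLED/ERROR labels are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit which projects have the Cloud Asset API enabled.
API="cloudasset.googleapis.com"

# Print the enabled service names for one project, one per line.
# Wraps the gcloud call so it can be replaced by a stub for offline testing.
list_enabled_services() {
    gcloud services list --enabled --project="$1" --format='value(config.name)'
}

# Return 0 if the service list on stdin contains the Cloud Asset API.
# Exact whole-line match, so a similarly named service cannot satisfy it.
has_cloud_asset_api() {
    grep -Fxq "$API"
}

# Classify each project ID given as an argument.
# Output: "<project> ENABLED|DISABLED|ERROR"; returns 1 if any is not ENABLED.
audit_projects() {
    rc=0
    for project in "$@"; do
        if ! services=$(list_enabled_services "$project" 2>/dev/null); then
            # Lookup failed (no permission, unknown ID): never count it as compliant
            echo "$project ERROR"; rc=1
        elif printf '%s\n' "$services" | has_cloud_asset_api; then
            echo "$project ENABLED"
        else
            echo "$project DISABLED"; rc=1
        fi
    done
    return "$rc"
}

# Usage: ./audit.sh <project-id> [<project-id> ...]
if [ "$#" -gt 0 ]; then
    audit_projects "$@"
fi
```

A failed lookup is reported as ERROR rather than DISABLED, so missing permissions on a project are not mistaken for a finding or for a pass.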


Linked Framework Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 CIS GCP v1.3.0 → 💼 2.13 Ensure Cloud Asset Inventory Is Enabled (Automated) 1 no data
💼 CIS GCP v2.0.0 → 💼 2.13 Ensure Cloud Asset Inventory Is Enabled - Level 1 (Automated) 1 no data
💼 CIS GCP v3.0.0 → 💼 2.13 Ensure Cloud Asset Inventory Is Enabled - Level 1 (Automated) 1 no data
💼 Cloudaware Framework → 💼 System Configuration 45 no data
💼 FedRAMP High Security Controls → 💼 CM-8 System Component Inventory (L)(M)(H) 45 no data
💼 FedRAMP Low Security Controls → 💼 CM-8 System Component Inventory (L)(M)(H) 2 no data
💼 FedRAMP Moderate Security Controls → 💼 CM-8 System Component Inventory (L)(M)(H) 25 no data
💼 ISO/IEC 27001:2022 → 💼 5.9 Inventory of information and 36 no data
💼 ISO/IEC 27001:2022 → 💼 8.8 Management of technical vulnerabilities 810 no data
💼 NIST CSF v1.1 → 💼 ID.AM-1: Physical devices and systems within the organization are inventoried 3 no data
💼 NIST CSF v1.1 → 💼 PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition 8 no data
💼 NIST CSF v2.0 → 💼 ID.AM-01: Inventories of hardware managed by the organization are maintained 4 no data
💼 NIST CSF v2.0 → 💼 ID.AM-02: Inventories of software, services, and systems managed by the organization are maintained 9 no data
💼 NIST CSF v2.0 → 💼 ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles 25 no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-8 System Component Inventory 95 no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-5 System Inventory 11 no data
💼 PCI DSS v3.2.1 → 💼 2.4 Maintain an inventory of system components that are in scope for PCI DSS. 1 no data
💼 PCI DSS v3.2.1 → 💼 9.9 Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution. 31 no data
💼 PCI DSS v3.2.1 → 💼 9.9.1 Maintain an up-to-date list of devices. 1 no data
💼 PCI DSS v3.2.1 → 💼 11.1 Implement processes to test for the presence of wireless access points (802.11), and detect and identify all authorized and unauthorized wireless access points on a quarterly basis. 22 no data
💼 PCI DSS v3.2.1 → 💼 11.1.1 Maintain an inventory of authorized wireless access points including a documented business justification. 1 no data
💼 PCI DSS v4.0.1 → 💼 9.5.1 POI devices that capture payment card data via direct physical interaction with the payment card form factor are protected from tampering and unauthorized substitution. 31 no data
💼 PCI DSS v4.0.1 → 💼 9.5.1.1 An up-to-date list of POI devices is maintained. 1 no data
💼 PCI DSS v4.0.1 → 💼 11.2.1 Authorized and unauthorized wireless access points are managed. 1 no data
💼 PCI DSS v4.0.1 → 💼 11.2.2 An inventory of authorized wireless access points is maintained, including a documented business justification. 1 no data
💼 PCI DSS v4.0.1 → 💼 12.5.1 An inventory of system components that are in scope for PCI DSS, including a description of function/use, is maintained and kept current. 1 no data
💼 PCI DSS v4.0 → 💼 9.5.1 POI devices that capture payment card data via direct physical interaction with the payment card form factor are protected from tampering and unauthorized substitution. 31 no data
💼 PCI DSS v4.0 → 💼 9.5.1.1 An up-to-date list of POI devices is maintained. 1 no data
💼 PCI DSS v4.0 → 💼 11.2.1 Authorized and unauthorized wireless access points are managed. 1 no data
💼 PCI DSS v4.0 → 💼 11.2.2 An inventory of authorized wireless access points is maintained, including a documented business justification. 1 no data
💼 PCI DSS v4.0 → 💼 12.5.1 An inventory of system components that are in scope for PCI DSS, including a description of function/use, is maintained and kept current. 1 no data
💼 SOC 2 → 💼 CC3.2-6 Identifies Threats to Objectives 1 no data
💼 SOC 2 → 💼 CC6.1-1 Identifies and Manages the Inventory of Information Assets 1 no data