Skip to main content

πŸ“ Google Cloud Asset Inventory API is not enabled 🟒

  • Contextual name: πŸ“ Asset Inventory API is not enabled 🟒
  • ID: /ce/ca/google/api/cloud-asset-inventory
  • Located in: πŸ“ Google API & Services

Flags​

Our Metadata​

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • RELIABILITY

Similar Policies​

Logic​

Description​

Open File

Description​

GCP Cloud Asset Inventory is services that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.

Cloud Asset Inventory Service (CAIS) API enablement is not required for operation of the service, but rather enables the mechanism for searching/exporting CAIS asset data directly.

Rationale​

The GCP resources and IAM policies captured by GCP Cloud Asset Inventory enables security analysis, resource change tracking, and compliance auditing.

It is recommended GCP Cloud Asset Inventory be enabled for all GCP projects.

Audit​

From Google Cloud Console​

Ensure that the Cloud Asset API is enabled:

  1. Go to API & Services/Library by visiting https://console.cloud.google.com/apis/library
  2. Search for Cloud Asset API and select the result for Cloud Asset API
  3. Ensure that API Enabled is displayed.

... see more

Remediation​

Open File

Remediation​

From Google Cloud Console​

Enable the Cloud Asset API:

  1. Go to API & Services/Library by visiting https://console.cloud.google.com/apis/library
  2. Search for Cloud Asset API and select the result for Cloud Asset API
  3. Click the ENABLE button.

From Google Cloud CLI​

Enable the Cloud Asset API:

  1. Enable the Cloud Asset API through the services interface:

         gcloud services enable cloudasset.googleapis.com

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS GCP v1.3.0 β†’ πŸ’Ό 2.13 Ensure Cloud Asset Inventory Is Enabled (Automated)1
πŸ’Ό CIS GCP v2.0.0 β†’ πŸ’Ό 2.13 Ensure Cloud Asset Inventory Is Enabled - Level 1 (Automated)1
πŸ’Ό CIS GCP v3.0.0 β†’ πŸ’Ό 2.13 Ensure Cloud Asset Inventory Is Enabled - Level 1 (Automated)1
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό System Configuration30
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό CM-8 System Component Inventory (L)(M)(H)42
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό CM-8 System Component Inventory (L)(M)(H)2
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό CM-8 System Component Inventory (L)(M)(H)22
πŸ’Ό ISO/IEC 27001:2022 β†’ πŸ’Ό 5.9 Inventory of information and36
πŸ’Ό ISO/IEC 27001:2022 β†’ πŸ’Ό 8.8 Management of technical vulnerabilities810
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.AM-1: Physical devices and systems within the organization are inventoried3
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition7
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-01: Inventories of hardware managed by the organization are maintained4
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-02: Inventories of software, services, and systems managed by the organization are maintained9
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles21
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CM-8 System Component Inventory92
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PM-5 System Inventory11
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 2.4 Maintain an inventory of system components that are in scope for PCI DSS.1
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 9.9 Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution.31
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 9.9.1 Maintain an up-to-date list of devices.1
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 11.1 Implement processes to test for the presence of wireless access points (802.11), and detect and identify all authorized and unauthorized wireless access points on a quarterly basis.21
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 11.1.1 Maintain an inventory of authorized wireless access points including a documented business justification.1
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 9.5.1 POI devices that capture payment card data via direct physical interaction with the payment card form factor are protected from tampering and unauthorized substitution.31
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 9.5.1.1 An up-to-date list of POI devices is maintained.1
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 11.2.1 Authorized and unauthorized wireless access points are managed.1
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 11.2.2 An inventory of authorized wireless access points is maintained, including a documented business justification.1
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 12.5.1 An inventory of system components that are in scope for PCI DSS, including a description of function/use, is maintained and kept current.1
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 9.5.1 POI devices that capture payment card data via direct physical interaction with the payment card form factor are protected from tampering and unauthorized substitution.31
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 9.5.1.1 An up-to-date list of POI devices is maintained.1
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 11.2.1 Authorized and unauthorized wireless access points are managed.1
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 11.2.2 An inventory of authorized wireless access points is maintained, including a documented business justification.1
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 12.5.1 An inventory of system components that are in scope for PCI DSS, including a description of function/use, is maintained and kept current.1
πŸ’Ό SOC 2 β†’ πŸ’Ό CC3.2-6 Identifies Threats to Objectives1
πŸ’Ό SOC 2 β†’ πŸ’Ό CC6.1-1 Identifies and Manages the Inventory of Information Assets1