| π Access Approval is not enabled π’ | 1 | π’ x6 |
| π Consumer Google Accounts are used π’ | | π’ x3 |
| π Google Accounts are not configured with MFA π’ | | π’ x3 |
| π Identity Aware Proxy (IAP) is not used to enforce access controls π’ | | π’ x3 |
| π Organization Administrator Security Key Enforcement is not enabled π’ | | π’ x3 |
| π Organization Essential Contacts is not configured π’ | 1 | π’ x6 |
| π Roles related to KMS are not assigned to separate users π’ | 1 | π’ x6 |
| π Service Account has admin privileges π’ | 1 | π’ x6 |
| π Service Account has User-Managed Keys π’ | 1 | π’ x6 |
| π Service Account User-Managed Key is not rotated every 90 days π’ | 1 | π’ x6 |
| π User has both Service Account Admin and Service Account User roles assigned π’ | 1 | π’ x6 |