📝 Google Organization Essential Contacts is not configured 🟢

• Contextual name: 📝 Organization Essential Contacts is not configured 🟢
• ID: /ce/ca/google/iam/essential-contacts-for-organization
• Located in: 📁 Google IAM

Flags

• 🟢 Policy with categories
• 🟢 Policy with type
• 🟢 Production policy

Our Metadata

• Policy Type: COMPLIANCE_POLICY
• Policy Category:
  • SECURITY

Similar Policies

• Cloud Conformity
  • Configure Essential Contacts for Organizations

Logic

• 🧠 prod.logic.yaml 🟢
  • 📕 Google Resource Manager Organization
  • 🔌 Google Resource Manager Organization - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

It is recommended that Essential Contacts is configured to designate email addresses for Google Cloud services to notify of important technical or security information.

Rationale

Many Google Cloud services, such as Cloud Billing, send out notifications to share important information with Google Cloud users. By default, these notifications are sent to members with certain Identity and Access Management (IAM) roles. With Essential Contacts, you can customize who receives notifications by providing your own list of contacts.

Impact

There is no charge for Essential Contacts except for the 'Technical Incidents' category that is only available to premium support customers.

Audit

From Google Cloud Console

1. Go to Essential Contacts by visiting https://console.cloud.google.com/iam-admin/essential-contacts
2. Make sure the organization appears in the resource selector at the top of the page. The resource selector tells you what project, folder, or organization you are currently managing contacts for.

... see more

Remediation

Open File

Remediation

From Google Cloud Console

1. Go to Essential Contacts by visiting https://console.cloud.google.com/iam-admin/essential-contacts
2. Make sure the organization appears in the resource selector at the top of the page. The resource selector tells you what project, folder, or organization you are currently managing contacts for.
3. Click +Add contact
4. In the Email and Confirm Email fields, enter the email address of the contact.
5. From the Notification categories drop-down menu, select the notification categories that you want the contact to receive communications for.
6. Click Save

From Google Cloud CLI

1. To add an organization Essential Contacts run a command:

   gcloud essential-contacts create --email="<EMAIL>" \

   --notification-categories="<NOTIFICATION_CATEGORIES>" \

   --organization=<ORGANIZATION_ID>

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS GCP v3.0.0 → 💼 1.16 Ensure Essential Contacts is Configured for Organization - Level 1 (Automated)			1
💼 Cloudaware Framework → 💼 General Access Controls			10