🛡️ Google Organization Administrator Security Key Enforcement is not enabled 🟢⚪
- Contextual name: 🛡️ Organization Administrator Security Key Enforcement is not enabled 🟢⚪
- ID: /ce/ca/google/iam/security-key-enforcement
- Tags:
  - ⚪ Impossible policy
  - 🟢 Policy with categories
  - 🟢 Policy with type
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY
Similar Policies
- Cloud Conformity: Enable Security Key Enforcement for Admin Accounts
Description
Set up Security Key Enforcement for Google Cloud Platform admin accounts.
Rationale
Google Cloud Platform users with Organization Administrator roles have the highest level of privilege in the organization. These accounts should be protected with the strongest form of two-factor authentication: Security Key Enforcement. Ensure that admins use Security Keys to log in instead of weaker second factors like SMS or one-time passwords (OTP). Security Keys are actual physical keys used to access Google Organization Administrator Accounts. They send an encrypted signature rather than a code, ensuring that logins cannot be phished.
Impact
If an organization administrator loses access to their security key, the user could lose access to their account. For this reason, it is important to set up backup security keys.
Audit
Identify users with Organization Administrator privileges:
gcloud organizations get-iam-policy ORGANIZATION_ID
Look for members granted the role roles/resourcemanager.organizationAdmin.
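An added example (not part of the original policy page or the vendor's own code): it parses the output of the audit command above, assuming it was run with gcloud's `--format=json` flag, and lists who holds roles/resourcemanager.organizationAdmin. The sample policy, addresses and function names are constructed for illustration.

```python
import json

ORG_ADMIN_ROLE = "roles/resourcemanager.organizationAdmin"

# Constructed sample of:
#   gcloud organizations get-iam-policy ORGANIZATION_ID --format=json
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/resourcemanager.organizationAdmin",
     "members": ["user:alice@example.com", "group:gcp-org-admins@example.com"]},
    {"role": "roles/resourcemanager.organizationAdmin",
     "members": ["user:bob@example.com", "user:alice@example.com"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/billing.admin", "members": ["user:carol@example.com"]}
  ],
  "etag": "CONSTRUCTED",
  "version": 3
}
"""

def org_admin_members(policy_json):
    """Group principals holding the Organization Administrator role by type."""
    policy = json.loads(policy_json)
    found = {}
    # The same role can appear in several bindings (for example with and
    # without a condition), so every binding is scanned and members deduplicated.
    for binding in policy.get("bindings", []):
        if binding.get("role") != ORG_ADMIN_ROLE:
            continue
        for member in binding.get("members", []):
            kind, _, identity = member.partition(":")
            found.setdefault(kind, set()).add(identity)
    return {kind: sorted(ids) for kind, ids in found.items()}

def accounts_to_review(policy_json):
    """Return (users, indirect): user accounts to check for security key
    enforcement, and non-user principals (groups, domains, service accounts)
    whose membership must be resolved before the audit is complete."""
    grouped = org_admin_members(policy_json)
    users = grouped.get("user", [])
    indirect = sorted(f"{kind}:{ident}" for kind, ids in grouped.items()
                      if kind != "user" for ident in ids)
    return users, indirect

if __name__ == "__main__":
    users, indirect = accounts_to_review(SAMPLE_POLICY)
    print("User accounts to check:", users)
    print("Principals to expand first:", indirect)
```

A group binding grants the role to every member of the group, so the `indirect` list has to be expanded to individual accounts before the review can be considered complete.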
Remediation
- Identify users with the Organization Administrator role.
- Set up Security Key Enforcement for each account.
Learn more at: https://cloud.google.com/security-key/
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS GCP v1.2.0 → 💼 1.3 Ensure that Security Key Enforcement is enabled for all admin accounts - Level 2 (Manual _ Not supported, requires a manual assessment) | 1 | no data | | | |
| 💼 CIS GCP v1.3.0 → 💼 1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts - Level 2 (Manual) | 1 | no data | | | |
| 💼 CIS GCP v2.0.0 → 💼 1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts - Level 2 (Manual) | 1 | no data | | | |
| 💼 CIS GCP v3.0.0 → 💼 1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts - Level 2 (Manual) | 1 | no data | | | |
| 💼 Cloudaware Framework → 💼 Multi-Factor Authentication (MFA) Implementation | 16 | no data | | | |