💼 1 Identity and Access Management

• Contextual name: 💼 1 Identity and Access Management
• ID: /frameworks/cis-gcp-v1.1.0/01
• Located in: 💼 CIS GCP v1.1.0

Description

This section covers recommendations addressing Identity and Access Management on Google Cloud Platform.

Similar

• Internal
  • ID: dec-b-6f73b741

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 1.1 Ensure that corporate login credentials are used		1	1
💼 1.2 Ensure that multi-factor authentication is enabled for all non-service accounts
💼 1.3 Ensure that Security Key Enforcement is enabled for all admin accounts
💼 1.4 Ensure that there are only GCP-managed service account keys for each service account
💼 1.5 Ensure that Service Account has no Admin privileges
💼 1.6 Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level
💼 1.7 Ensure user-managed/external keys for service accounts are rotated every 90 days or less
💼 1.8 Ensure that Separation of duties is enforced while assigning service account related roles to users
💼 1.9 Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible
💼 1.10 Ensure KMS encryption keys are rotated within a period of 90 days
💼 1.11 Ensure that Separation of duties is enforced while assigning KMS related roles to users
💼 1.12 Ensure API keys are not created for a project
💼 1.13 Ensure API keys are restricted to use by only specified Hosts and Apps
💼 1.14 Ensure API keys are restricted to only APIs that application needs access
💼 1.15 Ensure API keys are rotated every 90 days