💼 1 Identity and Access Management

  • Contextual name: 💼 1 Identity and Access Management
  • ID: /frameworks/cis-gcp-v1.2.0/01
  • Located in: 💼 CIS GCP v1.2.0

Description

This section covers recommendations addressing Identity and Access Management on Google Cloud Platform.

Similar

  • Internal
    • ID: dec-b-e08e45cf

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 1.1 Ensure that corporate login credentials are used - Level 1 (Automated)11
💼 1.2 Ensure that multi-factor authentication is enabled for all non-service accounts - Level 1 (Manual _ Not supported, requires a manual assessment)
💼 1.3 Ensure that Security Key Enforcement is enabled for all admin accounts - Level 2 (Manual _ Not supported, requires a manual assessment)
💼 1.4 Ensure that there are only GCP-managed service account keys for each service account - Level 1 (Automated)
💼 1.5 Ensure that Service Account has no Admin privileges - Level 1 (Automated)
💼 1.6 Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level - Level 1 (Automated)
💼 1.7 Ensure user-managed/external keys for service accounts are rotated every 90 days or less - Level 1 (Automated)
💼 1.8 Ensure that Separation of duties is enforced while assigning service account related roles to users - Level 2 (Manual)
💼 1.9 Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible - Level 1 (Automated)
💼 1.10 Ensure KMS encryption keys are rotated within a period of 90 days - Level 1 (Automated)
💼 1.11 Ensure that Separation of duties is enforced while assigning KMS related roles to users - Level 2 (Automated)
💼 1.12 Ensure API keys are not created for a project - Level 2 (Manual)
💼 1.13 Ensure API keys are restricted to use by only specified Hosts and Apps - Level 1 (Manual)
💼 1.14 Ensure API keys are restricted to only APIs that application needs access - Level 1 (Manual)
💼 1.15 Ensure API keys are rotated every 90 days - Level 1 (Manual)