Skip to main content

๐Ÿ’ผ 1 Identity and Access Management

  • Contextual name: ๐Ÿ’ผ 1 Identity and Access Management
  • ID: /frameworks/cis-gcp-v3.0.0/01
  • Located in: ๐Ÿ’ผ CIS GCP v3.0.0

Descriptionโ€‹

This section covers recommendations addressing Identity and Access Management on Google Cloud Platform.

Similarโ€‹

  • Internal
    • ID: dec-b-a839d63c

Sub Sectionsโ€‹

SectionSub SectionsInternal RulesPoliciesFlags
๐Ÿ’ผ 1.1 Ensure that Corporate Login Credentials are Used - Level 1 (Manual)1
๐Ÿ’ผ 1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts - Level 1 (Manual)1
๐Ÿ’ผ 1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts - Level 2 (Manual)1
๐Ÿ’ผ 1.4 Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account - Level 1 (Automated)1
๐Ÿ’ผ 1.5 Ensure That Service Account Has No Admin Privileges - Level 1 (Automated)1
๐Ÿ’ผ 1.6 Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level - Level 1 (Automated)1
๐Ÿ’ผ 1.7 Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer - Level 1 (Automated)1
๐Ÿ’ผ 1.8 Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users - Level 2 (Automated)1
๐Ÿ’ผ 1.9 Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible - Level 1 (Automated)1
๐Ÿ’ผ 1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days - Level 1 (Automated)1
๐Ÿ’ผ 1.11 Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users - Level 2 (Automated)1
๐Ÿ’ผ 1.12 Ensure API Keys Only Exist for Active Services - Level 2 (Automated)1
๐Ÿ’ผ 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)1
๐Ÿ’ผ 1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs Access - Level 2 (Automated)1
๐Ÿ’ผ 1.15 Ensure API Keys Are Rotated Every 90 Days - Level 2 (Automated)1
๐Ÿ’ผ 1.16 Ensure Essential Contacts is Configured for Organization - Level 1 (Automated)1
๐Ÿ’ผ 1.17 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager - Level 1 (Manual)1