AC_GCP_0301 | Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs | GCP | Identity and Access Management | HIGH |
AC_GCP_0302 | Ensure security rule is configured for protection against Apache Log4j2 in Google Compute Security Policy | GCP | Infrastructure Security | HIGH |
AC_GCP_0303 | Ensure that retention policies on log buckets are configured using Bucket Lock | GCP | Logging and Monitoring | LOW |
AC_GCP_0304 | Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) | GCP | Data Protection | MEDIUM |
AC_GCP_0305 | Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0306 | Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0307 | Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0308 | Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0309 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0310 | Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0311 | Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0312 | Ensure That Cloud DNS Logging Is Enabled for All VPC Networks | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0313 | Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | GCP | Data Protection | MEDIUM |
AC_GCP_0314 | Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users | GCP | Identity and Access Management | HIGH |
AC_GCP_0315 | Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on' | GCP | Compliance Validation | LOW |
AC_GCP_0316 | Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0317 | Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_GCP_0318 | Ensure That Sinks Are Configured for All Log Entries | GCP | Logging and Monitoring | LOW |
AC_GCP_0319 | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | Infrastructure Security | LOW |
AC_GCP_0323 | Ensure Compute Instances Are Launched With Shielded VM Enabled | GCP | Infrastructure Security | LOW |
AC_GCP_0327 | Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | GCP | Infrastructure Security | LOW |
AC_GCP_0330 | Ensure Essential Contacts is Configured for Organization | GCP | Logging and Monitoring | LOW |
AC_GCP_0336 | Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | GCP | Identity and Access Management | LOW |
AC_GCP_0337 | Ensure Cloud Asset Inventory Is Enabled | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0347 | Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging | GCP | Compliance Validation | LOW |
AC_GCP_0358 | Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | GCP | Logging and Monitoring | LOW |
AC_GCP_0365 | Ensure API Keys Only Exist for Active Services | GCP | Security Best Practices | MEDIUM |
AC_GCP_0366 | Ensure API Keys Are Restricted to Only APIs That Application Needs Access | GCP | Security Best Practices | MEDIUM |
AC_GCP_0367 | Ensure API Keys Are Rotated Every 90 Days | GCP | Security Best Practices | MEDIUM |
AC_GCP_0368 | Ensure Logging is enabled for HTTP(S) Load Balancer | GCP | Security Best Practices | MEDIUM |
AC_GCP_0370 | Ensure Instance IP assignment is set to private | GCP | Compliance Validation | LOW |
AC_GCP_0371 | Ensure That the Default Network Does Not Exist in a Project - google_compute_network | GCP | Infrastructure Security | LOW |