Ensure API keys are restricted to only APIs that application needs access Details API keys are insecure because they can be viewed publicly, such as from within a browser, or they can...
Ensure API keys are restricted to use by only specified Hosts and Apps Details Unrestricted keys are insecure because they can be viewed publicly, such as from within a browser, or they can...
Ensure API keys are rotated every 90 days Details It is recommended to rotate API keys every 90 days. Rationale: Security risks involved in using API-Keys are listed...
Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances – Block Project-wide SSH keys is enabled for VM instances Details It is recommended to use Instance specific SSH key(s) instead of using common/shared project-wide SSH key(s) to access Instances....
Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Details Interacting with a serial port is often referred to as the serial console, which is similar to using a...
Ensure KMS encryption keys are rotated within a period of 90 days Details Google Cloud Key Management Service stores cryptographic keys in a hierarchical structure designed for useful and elegant access control...
Ensure legacy networks do not exist for a project Details In order to prevent use of legacy networks, a project should not have a legacy network configured. Rationale: Legacy...
Ensure log metric filter and alerts exist for project ownership assignments/changes – alert Details In order to prevent unnecessary project ownership assignments to users/service-accounts and further misuses of projects and resources, all roles/Owner...
Ensure log metric filter and alerts exist for project ownership assignments/changes – metric Details In order to prevent unnecessary project ownership assignments to users/service-accounts and further misuses of projects and resources, all roles/Owner...
Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites Details Secure Sockets Layer (SSL) policies determine what Transport Layer Security (TLS) features clients are permitted to use when...