Ensure API keys are restricted to only APIs that application needs access
Details API keys are insecure because they can be viewed publicly, such as from within a browser, or they can...
- Home
- Security Hardening
- CIS Google Cloud Platform V1.1.0 L1
CIS Google Cloud Platform V1.1.0 L1
Ensure API keys are restricted to use by only specified Hosts and Apps
Details Unrestricted keys are insecure because they can be viewed publicly, such as from within a browser, or they can...Ensure API keys are rotated every 90 days
Details It is recommended to rotate API keys every 90 days. Rationale: Security risks involved in using API-Keys are listed...Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances – Block Project-wide SSH keys is enabled for VM instances
Details It is recommended to use Instance specific SSH key(s) instead of using common/shared project-wide SSH key(s) to access Instances....Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance
Details Interacting with a serial port is often referred to as the serial console, which is similar to using a...Ensure KMS encryption keys are rotated within a period of 90 days
Details Google Cloud Key Management Service stores cryptographic keys in a hierarchical structure designed for useful and elegant access control...Ensure legacy networks do not exist for a project
Details In order to prevent use of legacy networks, a project should not have a legacy network configured. Rationale: Legacy...Ensure log metric filter and alerts exist for project ownership assignments/changes – alert
Details In order to prevent unnecessary project ownership assignments to users/service-accounts and further misuses of projects and resources, all roles/Owner...Ensure log metric filter and alerts exist for project ownership assignments/changes – metric
Details In order to prevent unnecessary project ownership assignments to users/service-accounts and further misuses of projects and resources, all roles/Owner...Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites
Details Secure Sockets Layer (SSL) policies determine what port Transport Layer Security (TLS) features clients are permitted to use when...