Ensure API keys are not created for a project Details Keys are insecure because they can be viewed publicly, such as from within a browser, or they can be...
Ensure Compute instances are launched with Shielded VM enabled Details To defend against advanced threats and ensure that the boot loader and firmware on your VMs are signed...
Ensure Firewall Rules for instances behind Identity Aware Proxy (IAP) only allow the traffic from Google Cloud Loadbalancer (GCLB) Health Check and Proxy Addresses Details Access to VMs should be restricted by firewall rules that allow only IAP traffic by ensuring only connections proxied...
Ensure ‘log_error_verbosity’ database flag for Cloud SQL PostgreSQL instance is set to ‘DEFAULT’ or stricter Details The log_error_verbosity flag controls the verbosity/details of messages logged. Valid values are: TERSE, DEFAULT, VERBOSE. TERSE excludes the logging...
Ensure ‘log_executor_stats’ database flag for Cloud SQL PostgreSQL instance is set to ‘off’ Details The PostgreSQL executor is responsible for executing the plan handed over by the PostgreSQL planner. The executor processes the...
Ensure ‘log_parser_stats’ database flag for Cloud SQL PostgreSQL instance is set to ‘off’ Details The PostgreSQL planner/optimizer is responsible for parsing and verifying the syntax of each query received by the server. If...
Ensure ‘log_planner_stats’ database flag for Cloud SQL PostgreSQL instance is set to ‘off’ Details The same SQL query can be executed in multiple ways and still produce different results. The PostgreSQL planner/optimizer is...
Ensure ‘log_statement_stats’ database flag for Cloud SQL PostgreSQL instance is set to ‘off’ Details The log_statement_stats flag controls the inclusion of end-to-end performance statistics of a SQL query in the PostgreSQL...
Ensure that a Default Customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets Details BigQuery by default encrypts the data at rest by employing Envelope Encryption using Google-managed cryptographic keys. The data...
Ensure that all BigQuery Tables are encrypted with Customer-managed encryption key (CMEK) Details BigQuery by default encrypts the data at rest by employing Envelope Encryption using Google-managed cryptographic keys. The data...