turbot/gcp_compliance

Control: 1.2 Ensure that multi-factor authentication is enabled for all non-service accounts

Description

Set up multi-factor authentication for Google Cloud Platform accounts.

Multi-factor authentication requires more than one mechanism to authenticate a user. This secures user logins from attackers exploiting stolen or weak credentials. By default, multi-factor authentication is not set.

Remediation

For each Google Cloud Platform project, folder, or organization:

  • Identify non-service accounts.
  • Manually verify that multi-factor authentication for each account is set.

Refer here for more details.
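The "identify non-service accounts" step can be scripted from an exported IAM policy. The following is an added example, not part of the compliance mod: it assumes the policy JSON has the shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`, and the function name and sample policy are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `gcloud projects get-iam-policy ... --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner",
   "members": ["user:alice@example.com",
               "serviceAccount:ci@demo.iam.gserviceaccount.com"]},
  {"role": "roles/viewer",
   "members": ["user:Alice@example.com", "user:bob@example.com",
               "group:ops@example.com",
               "deleted:user:carol@example.com?uid=123"]},
  {"role": "roles/storage.objectViewer",
   "members": ["domain:example.com", "allAuthenticatedUsers"]}
]}
""")

def mfa_review_list(policy):
    """Sort IAM members into the buckets the manual MFA check needs.

    The IAM policy carries no MFA state; this only builds the list of
    accounts whose enrollment still has to be verified by hand.
    """
    users = defaultdict(set)     # human accounts -> roles they hold
    indirect = defaultdict(set)  # groups/domains: expand membership separately
    skipped = set()              # service accounts, deleted or special members
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            if kind == "user":
                users[ident.lower()].add(role)  # same address may differ in case
            elif kind in ("group", "domain"):
                indirect[member].add(role)
            else:
                skipped.add(member)
    return ({u: sorted(r) for u, r in users.items()},
            {m: sorted(r) for m, r in indirect.items()},
            sorted(skipped))

if __name__ == "__main__":
    users, indirect, skipped = mfa_review_list(SAMPLE_POLICY)
    for account, roles in sorted(users.items()):
        print(f"verify MFA: {account} ({', '.join(roles)})")
    for member in sorted(indirect):
        print(f"expand membership, then verify each user: {member}")
    print(f"not subject to this control: {len(skipped)} member(s)")
```

Group and domain bindings are reported separately because the humans behind them do not appear in the policy itself and must be enumerated before their MFA status can be checked.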

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.cis_v120_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.cis_v120_1_2 --share

SQL

This control uses a named query:

manual_control
