turbot/gcp_compliance

Control: 1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts

Description

Setup multi-factor authentication for Google Cloud Platform accounts.

Multi-factor authentication requires more than one mechanism to authenticate a user. This secures user logins from attackers exploiting stolen or weak credentials.

Remediation

From Console

For each Google Cloud Platform project:

  1. Identify non-service accounts.
  2. Setup multi-factor authentication for each account.

Default Value

By default, multi-factor authentication is not set.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.cis_v300_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.cis_v300_1_2 --share

SQL

This control uses a named query:

manual_control

Tags