gcp_compliance

GCP Compliance

In order to prevent unnecessary project ownership assignments to users/service-accounts and further misuses of projects and resources, all roles/Owner assignments should be monitored. Members (users/Service-Accounts) with a role assignment to primitive role roles/Owner are project owners.

logging_metric_alert_project_ownership_assignment

hipaa_164_312_b

164.312(b) Audit controls

nist_800_53_rev_5_au_12

Audit Record Generation (AU-12)

nist_800_53_rev_5_au_7

Audit Record Reduction And Report Generation (AU-7)

nist_csf_v10_de_ae_3

DE.AE-3

nist_800_53_rev_5_au_2

Event Logging (AU-2)

all_controls_logging

Logging

nist_csf_v10_pr_pt_1

PR.PT-1

Ensure log metric filter and alerts exist for project ownership assignments/changes

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, Forseti Security and CFT Scorecard across all your GCP projects using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-gcp-compliance

Control: Ensure log metric filter and alerts exist for project ownership assignments/changes

Description

Usage

SQL

Tags