Benchmark: GV.SC-05
Description
Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select GV.SC-05.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.nist_csf_v2_gv_sc_05
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.nist_csf_v2_gv_sc_05 --share
Controls
- Prevent public users from having access to resources via IAM
- Ensure that the log metric filter and alerts exist for Custom Role changes including undelete operations
- Ensure that the log metric filter and alerts exist for Custom Role changes
- Ensure that the log metric filter and alerts exist for VPC Network Firewall rule changes
- Ensure that the log metric filter and alerts exist for VPC network changes
- Ensure that the log metric filter and alerts exist for VPC network route changes
- Ensure log metric filter and alerts exist for project ownership assignments/changes
- Only allow members from my domain to be added to IAM roles
- Ensure essential contacts is configured for Organization
- Ensure 'Access Approval' is 'Enabled'
- Ensure Cloud Asset Inventory is Enabled
- Check if Cloud Storage buckets have Bucket Only Policy turned on
- Ensure that Cloud Storage bucket is not anonymously or publicly accessible