Benchmark: GV.SC-09
Description
Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select GV.SC-09.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.nist_csf_v2_gv_sc_09
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.nist_csf_v2_gv_sc_09 --share
Controls
- Ensure that Cloud Audit Logging is configured properly across all services and all users from a project
- GKE clusters logging should be enabled
- GKE clusters monitoring should be enabled
- GKE clusters shielded nodes integrity monitoring should be enabled
- Ensure that retention policies on log buckets are configured using Bucket Lock
- Ensure that the log metric filter and alerts exist for Audit Configuration changes
- Ensure that the log metric filter and alerts exist for Custom Role changes including undelete operations
- Ensure that the log metric filter and alerts exist for Custom Role changes
- Ensure that the log metric filter and alerts exist for VPC Network Firewall rule changes
- Ensure that the log metric filter and alerts exist for VPC network changes
- Ensure that the log metric filter and alerts exist for VPC network route changes
- Ensure log metric filter and alerts exist for project ownership assignments/changes
- Ensure that the log metric filter and alerts exist for SQL instance configuration changes
- Ensure that the log metric filter and alerts exist for Cloud Storage IAM permission changes
- Ensure that sinks are configured for all log entries