Benchmark: 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards
Description
Customers are responsible for documenting, developing and implementing configuration standards for the GCP products in use that are within the CDE. This includes configuration standards for GCE, VPC, and GCS based on industry standards and hardening guidelines.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_2_2
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_2_2 --share
Controls
- Ensure automatic node repair is enabled on all node pools in a GKE cluster
- Ensure Automatic node upgrades is enabled on Kubernetes Engine Clusters nodes
- Ensure Container-Optimized OS (cos) is used for Kubernetes engine clusters