Benchmark: CC6.1.4
Description
Entity's Senior Management or the Information Security Officer periodically reviews and ensures that access to the critical systems is restricted to only those individuals who require such access to perform their job functions.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select CC6.1.4.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.soc_2_2017_cc_6_1_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.soc_2_2017_cc_6_1_4 --share
Controls
- Ensure OS login is enabled for all instances in the Project
- Ensure that Service Account has no Admin privileges
- Ensure OS login is enabled at Project level