Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-gcp-compliance
Overview
14Dashboards
621Benchmarks
202Queries
2Variables
GitHub

Control: 1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts

Description

Setup multi-factor authentication for Google Cloud Platform accounts.

Multi-factor authentication requires more than one mechanism to authenticate a user. This secures user logins from attackers exploiting stolen or weak credentials.

Remediation

From Google Cloud Console

For each Google Cloud Platform project:

  1. Identify non-service accounts.

  2. Setup multi-factor authentication for each account.

Default Value

By default, multi-factor authentication is not set.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.cis_v400_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.cis_v400_1_2 --share

SQL

This control uses a named query:

select
  'https://cloudresourcemanager.googleapis.com/v1/projects/' || project_id resource,
  'info' status,
  'Manual verification required.' reason
  , project_id as project
from
  gcp_project;

Tags

benchmark = cis
category = Compliance
cis_item_id = 1.2
cis_level = 1
cis_section_id = 1
cis_type = manual
cis_version = v4.0.0
plugin = gcp
service = GCP/IAM