This repository has been archived by the owner on Jun 25, 2024. It is now read-only.

Updated GCP Questions v1.3 and v2.0 #586

Merged
merged 4 commits into from
Dec 21, 2023

Conversation

mikiodehartj1
Contributor

Added questions from CIS GCP Benchmark v1.3 and 2.0 + Mappings to v1.1 questions. Additionally, added comments to help visually organize the code.

@mikiodehartj1 mikiodehartj1 requested a review from a team as a code owner April 19, 2023 18:58
@jzolo22 jzolo22 changed the base branch from main to all-compliance-updates December 20, 2023 22:29
- name: bad
query: |
find google_sql_mysql_instance with localInfile!='off'
query:
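Review bot: the bare `query:` on the last line of this hunk has no value and will load as null, so the entry is a named query with nothing to run; give it its query body or drop the entry until one exists. The `bad` query above it is complete.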
Contributor

@mikiodehartj1 Is it intentional that these don't have queries?

description:
It is recommended that the principle of 'Separation of Duties' is enforced while assigning service-account related roles to users.
- name: good
query:
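Review bot: `- name: good` ends in a bare `query:`, so this question carries a description of the separation-of-duties recommendation but no query to evaluate it; add the query body or leave the entry out until it is written.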
Contributor

Do we have queries for these?

title: Ensure API Keys Only Exist for Active Services
description:
API Keys should only be used for services in cases where other authentication methods are unavailable. Unused keys with their permissions in tact may still exist within a project. Keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to use standard authentication flow instead.
queries:
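Review bot: `queries:` has no list items beneath it, so this question has a title and description but nothing to evaluate; add at least one query before merging. In the description, 'in tact' should be 'intact'.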
Contributor

Another
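A small lint for the point raised in the three review comments above (question entries whose `query:` or `queries:` key has no body). This is an added example, not code from this PR or from the repository's own tooling; the sample YAML and its question ids are constructed to mirror the fragments under review.

```python
import re
from typing import List, Tuple

# A `query:` or `queries:` mapping key, optionally written as a list item (`- query:`).
KEY_RE = re.compile(r"^\s*(?:-\s+)?(query|queries):\s*(.*)$")
# YAML block-scalar indicators ('|', '>', '|-', '>+', '|2', ...): the body follows, indented.
BLOCK_SCALAR_RE = re.compile(r"^[|>][+-]?\d?$")

# Constructed sample in the shape of the questions file under review (ids invented):
# the first question is complete, `- name: good` has a bare `query:` like the entry
# flagged in review, and the last question has a `queries:` list with no items.
SAMPLE = """\
questions:
  - id: integration-question-google-sql-local-infile
    title: Ensure that the 'local_infile' database flag is set to 'off'
    queries:
      - name: bad
        query: |
          find google_sql_mysql_instance with localInfile!='off'
      - name: good
        query:
  - id: integration-question-google-sa-separation-of-duties
    title: Ensure Separation of Duties for service-account related roles
    queries:
"""

def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))

def find_empty_query_keys(text: str) -> List[Tuple[int, str]]:
    """Return (1-based line number, key) for each query/queries key that has
    neither an inline value nor an indented block beneath it."""
    lines = text.splitlines()
    findings: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if value and not BLOCK_SCALAR_RE.match(value):
            continue  # inline scalar such as `query: find Host`: nothing to flag
        # Next line that is neither blank nor a comment; None at end of file.
        nxt = next((ln for ln in lines[i + 1:]
                    if ln.strip() and not ln.lstrip().startswith("#")), None)
        # Nothing more-indented follows, so the key (or its block scalar) is empty.
        if nxt is None or _indent(nxt) <= _indent(line):
            findings.append((i + 1, key))
    return findings
```

Run `find_empty_query_keys` over the real questions file before merging; it returns the line of every `query:`/`queries:` key that has nothing beneath it.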

@jzolo22 jzolo22 force-pushed the mikiodehartj1-patch-2 branch from cc8624a to 010cea1 Compare December 21, 2023 20:10
Comment on lines +543 to +545
# - id: integration-question-google-
# title:
# description:
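Review bot: this commented-out stub has an empty title and description and an id that stops at `integration-question-google-`; either fill it in as a complete entry or remove the stub rather than leaving the placeholder in the merged file.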
Contributor

@mikiodehartj1 if you want to fill these in I can comment this one back in

Contributor Author

id: integration-question-google-dataproc-encryption
title: Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key
description: When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. This PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and key encryption key (KEK). The CMEK feature allows you to create, use, and revoke the key encryption key (KEK). Google still controls the data encryption key (DEK).

requirements:
- '6.2.5'

#6.2.5 (GCP v 2.0 Only)
Contributor

comment says 2.0 only but it's listed for 1.3 also, is that ok?

Contributor Author

This is a mistake. Lines 1941-1943 should be deleted.

@jzolo22 jzolo22 merged commit 84bd8d5 into all-compliance-updates Dec 21, 2023
5 checks passed
@jzolo22 jzolo22 deleted the mikiodehartj1-patch-2 branch December 21, 2023 20:45
@j1-internal-automation
Collaborator

🚀 PR was released in v3.2.6 🚀

@j1-internal-automation j1-internal-automation added the released This issue/pull request has been released. label Jan 2, 2024