mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 10:03:42 +03:00
1.1 KiB
1.1 KiB
Standards and References - GCP Organization Policy Constraints
CIS GCP Foundations Benchmark v3.0
| Section | Control | Constraint |
|---|---|---|
| 1.4 | Ensure user-managed service account keys are rotated within 90 days | iam.disableServiceAccountKeyCreation |
| 3.10 | Ensure VPC Flow Logs are enabled | N/A (use custom constraint) |
| 4.4 | Ensure OS Login is enabled for a project | compute.requireOsLogin |
| 4.5 | Ensure serial port access is disabled | compute.disableSerialPortAccess |
| 6.2 | Ensure Cloud SQL instances are not publicly accessible | sql.restrictPublicIp |
| 5.1 | Ensure uniform bucket-level access is enabled | storage.uniformBucketLevelAccess |
NIST 800-53 Controls Mapping
- AC-3: Access Enforcement
- AC-6: Least Privilege
- CM-7: Least Functionality
- SC-7: Boundary Protection
- SC-12: Cryptographic Key Establishment
Google Cloud Security Best Practices
- Principle of least privilege for organization policies
- Hierarchical policy inheritance model
- Dry-run testing before enforcement
- Separate exception management from baseline policies