mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-26 03:34:37 +03:00
mukul975
47 lines
1.6 KiB
Markdown
47 lines
1.6 KiB
Markdown
# Workflows - GCP Organization Policy Constraints
|
|
|
|
## Implementation Workflow
|
|
|
|
```
|
|
1. Inventory Phase
|
|
├── List all existing organization policies
|
|
├── Identify current resource configurations
|
|
├── Map compliance requirements to constraints
|
|
└── Document exceptions needed per team/project
|
|
|
|
2. Design Phase
|
|
├── Select constraints for baseline enforcement
|
|
├── Define exception policies for specific folders/projects
|
|
├── Plan hierarchy (Org → Folder → Project overrides)
|
|
└── Document policy inheritance chain
|
|
|
|
3. Testing Phase
|
|
├── Deploy constraints in dry-run mode
|
|
├── Monitor violation logs for 2-4 weeks
|
|
├── Identify legitimate use cases requiring exceptions
|
|
└── Refine policies based on dry-run results
|
|
|
|
4. Enforcement Phase
|
|
├── Convert dry-run policies to enforced mode
|
|
├── Apply exceptions at appropriate hierarchy level
|
|
├── Communicate changes to engineering teams
|
|
└── Monitor for new violations
|
|
|
|
5. Ongoing Governance
|
|
├── Review policies quarterly
|
|
├── Audit exception requests
|
|
├── Update constraints for new GCP services
|
|
└── Integrate with change management process
|
|
```
|
|
|
|
## Exception Management Workflow
|
|
|
|
```
|
|
1. Request → Developer requests exception for specific constraint
|
|
2. Review → Security team evaluates risk and business justification
|
|
3. Approve → Exception approved with scope (project/folder) and duration
|
|
4. Implement → Policy override applied at lowest necessary scope
|
|
5. Audit → Regular review of active exceptions
|
|
6. Expire → Time-bound exceptions automatically revert
|
|
```
|