The HIPAA Security Rule ensures patients and their Protected Health Information (ePHI) are protected, as well as healthcare facilities and health insurance providers.
To read more about HIPAA security rule, please visit HIPAA home page .
HIPAA non-compliance issues (74)
| Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action | |
|---|---|---|---|---|---|---|---|---|
| IAM & Admin | Low | CIS 1.7 PCI DSS (Networking) HIPAA (Networking) | global | d7cdf0e28512f79b6b5ac175bea7285a266e984b | User-managed key has not been rotated in 224 days. | Ensure that the user-managed keys associated with your service accounts are rotated every 90 days or less. | More info | |
| Network Services | High | PCI DSS 4.2 HIPAA (Encryption) | global | my-loadbalancer2 | Load balancer uses no valid SSL/TLS certificate. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, ensure that your load balancers are configured to use valid SSL/TLS certificates. | More info | |
| Compute Engine | High | PCI DSS 3.5 HIPAA (Encryption) | us-west4 | instance-1 | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs. | More info | |
| Compute Engine | High | PCI DSS 3.5 HIPAA (Encryption) | us-west4 | instance-2 | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs. | More info | |
| Compute Engine | Medium | CIS 4.7 PCI DSS 3.5 HIPAA (Encryption) | us-west4 | instance-1 | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk. | More info | |
| Compute Engine | High | PCI DSS 3.5 HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-2sxd | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs. | More info | |
| Compute Engine | High | PCI DSS 3.5 HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-427b | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs. | More info | |
| Compute Engine | High | PCI DSS 3.5 HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs. | More info | |
| Compute Engine | High | PCI DSS 3.5 HIPAA (Encryption) | us-central1 | mysql-5-7-secured-by-sg-1-vm | VM instance has no persistent disks encrypted with Customer-Managed Keys (CMKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that the persistent disks attached to your VM instances are encrypted with CMKs. | More info | |
| Compute Engine | Medium | CIS 4.7 PCI DSS 3.5 HIPAA (Encryption) | us-central1 | disk-1 | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk. | More info | |
| Compute Engine | Medium | CIS 4.7 PCI DSS 3.5 HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-2sxd | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk. | More info | |
| Compute Engine | Medium | CIS 4.7 PCI DSS 3.5 HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-427b | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk. | More info | |
| Compute Engine | Medium | CIS 4.7 PCI DSS 3.5 HIPAA (Encryption) | us-central1 | gke-cluster-1-default-pool-fc104738-dlsn | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk. | More info | |
| Compute Engine | Medium | CIS 4.7 PCI DSS 3.5 HIPAA (Encryption) | us-central1 | mysql-5-7-secured-by-sg-1-vm | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk. | More info | |
| Compute Engine | Medium | CIS 4.7 PCI DSS 3.5 HIPAA (Encryption) | us-central1 | mysql-5-7-secured-by-sg-1-vm-disk1 | Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk. | More info | |
| Pub/Sub | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-topic | Pub/Sub topic is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Pub/Sub topics are encrypted using CMK. | More info | |
| Pub/Sub | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-topic | Pub/Sub topic is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Pub/Sub topics are encrypted using CMK. | More info | |
| Pub/Sub | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-topic2 | Pub/Sub topic is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Pub/Sub topics are encrypted using CMK. | More info | |
| Pub/Sub | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-topic2 | Pub/Sub topic is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Pub/Sub topics are encrypted using CMK. | More info | |
| Pub/Sub | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-topic3 | Pub/Sub topic is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Pub/Sub topics are encrypted using CMK. | More info | |
| Pub/Sub | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-topic3 | Pub/Sub topic is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Pub/Sub topics are encrypted using CMK. | More info | |
| Key Management | Critical | CIS 1.10 PCI DSS 3.7.4 HIPAA (Encryption) | global | my-keyring3-name | KMS cryptographic key has no rotation period set. | To fulfill HIPAA and PCI DSS key rotation requirements, ensure all cryptographic keys are set to rotate periodically. | More info | |
| Kubernetes Engine | High | PCI DSS 3.5 HIPAA (Encryption) | global | cluster-1 | No Customer-Managed Keys (CMK) encryption found for Kubernetes cluster node pools: node-pool4, node-pool3, default-pool. | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Kubernetes cluster node pools are encrypted using CMK. | More info | |
| Kubernetes Engine | Medium | PCI DSS 10.2 HIPAA (Audit) | global | cluster-1 | Kubernetes cluster has logging disabled. | To fulfill HIPAA compliance requirements for logging of all activity, ensure all Kubernetes clusters have logging enabled. | More info | |
| Kubernetes Engine | High | PCI DSS 3.5 HIPAA (Encryption) | global | cluster-1 | Kubernetes cluster nodes are not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Kubernetes cluster nodes are encrypted using CMK. | More info | |
| Cloud Storage | High | PCI DSS 3.5 HIPAA (Encryption) | global | gcf-sources-853160546542-us-central1 | Storage bucket is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your storage buckets are encrypted using CMK. | More info | |
| Cloud Storage | Medium | PCI DSS 10.2 HIPAA (Audit) | global | gcf-sources-853160546542-us-central1 | Storage bucket has no logging enabled. | To fulfill HIPAA requirements for logging of all activity including access and actions taken, enable logging for your storage buckets by using "gsutil logging set on" command | More info | |
| Cloud Storage | High | PCI DSS 3.5 HIPAA (Encryption) | global | prevasio-test-bucket | Storage bucket is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your storage buckets are encrypted using CMK. | More info | |
| Cloud Storage | Medium | PCI DSS 10.2 HIPAA (Audit) | global | prevasio-test-bucket | Storage bucket has no logging enabled. | To fulfill HIPAA requirements for logging of all activity including access and actions taken, enable logging for your storage buckets by using "gsutil logging set on" command | More info | |
| Cloud Storage | High | PCI DSS 3.5 HIPAA (Encryption) | global | staging.sylvan-surf-339107.appspot.com | Storage bucket is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your storage buckets are encrypted using CMK. | More info | |
| Cloud Storage | Medium | PCI DSS 10.2 HIPAA (Audit) | global | staging.sylvan-surf-339107.appspot.com | Storage bucket has no logging enabled. | To fulfill HIPAA requirements for logging of all activity including access and actions taken, enable logging for your storage buckets by using "gsutil logging set on" command | More info | |
| Cloud Storage | High | PCI DSS 3.5 HIPAA (Encryption) | global | sylvan-surf-339107.appspot.com | Storage bucket is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your storage buckets are encrypted using CMK. | More info | |
| Cloud Storage | Medium | PCI DSS 10.2 HIPAA (Audit) | global | sylvan-surf-339107.appspot.com | Storage bucket has no logging enabled. | To fulfill HIPAA requirements for logging of all activity including access and actions taken, enable logging for your storage buckets by using "gsutil logging set on" command | More info | |
| SQL | Medium | HIPAA (Backup) | global | my-sql-instance | SQL database instance has no backup run, and so it can not be restored to a recent point. | To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point. | More info | |
| SQL | Medium | CIS 6.4 PCI DSS 4.2 HIPAA (Encryption) | global | my-sql-instance | SQL database instance has SSL/TLS disabled. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enforce all incoming connections to your SQL database instances to use SSL/TLS only. | More info | |
| SQL | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-sql-instance | SQL database instance is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your SQL database instances are encrypted using CMK. | More info | |
| SQL | Medium | HIPAA (Backup) | global | my-sql-instance3 | SQL database instance has no backup run, and so it can not be restored to a recent point. | To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point. | More info | |
| SQL | Medium | CIS 6.4 PCI DSS 4.2 HIPAA (Encryption) | global | my-sql-instance3 | SQL database instance has SSL/TLS disabled. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enforce all incoming connections to your SQL database instances to use SSL/TLS only. | More info | |
| SQL | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-sql-instance3 | SQL database instance is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your SQL database instances are encrypted using CMK. | More info | |
| SQL | Medium | HIPAA (Backup) | global | my-sql-instance4 | SQL database instance has no backup run, and so it can not be restored to a recent point. | To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point. | More info | |
| SQL | Medium | CIS 6.4 PCI DSS 4.2 HIPAA (Encryption) | global | my-sql-instance4 | SQL database instance has SSL/TLS disabled. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enforce all incoming connections to your SQL database instances to use SSL/TLS only. | More info | |
| SQL | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-sql-instance4 | SQL database instance is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your SQL database instances are encrypted using CMK. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | us-east1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | us-east4 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | us-west1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | us-west2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | us-west3 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | us-west4 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | us-central1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | northamerica-northeast1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | northamerica-northeast2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | southamerica-east1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | southamerica-west1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | europe-west1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | europe-west2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | europe-west3 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | europe-west4 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | europe-west6 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | europe-north1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | europe-central2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | asia-south1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | asia-south2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | asia-southeast1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | asia-southeast2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | asia-east1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | asia-east2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | asia-northeast1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | asia-northeast2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | asia-northeast3 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | australia-southeast1 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| VPC Network | Medium | CIS 3.8 PCI DSS 10.2 HIPAA (Audit) | australia-southeast2 | default | VPC subnet has VPC flow logs disabled. | To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network. | More info | |
| Dataflow | High | PCI DSS 3.5 HIPAA (Encryption) | global | my-dataflow-job | Dataflow job is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Dataflow jobs are encrypted using CMK. | More info | |
| BigQuery | High | CIS 7.3 PCI DSS 3.5 HIPAA (Encryption) | global | sylvan-surf-339107:my_dataset | BigQuery dataset is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your BigQuery datasets are encrypted using CMK. | More info | |
| BigQuery | High | CIS 7.3 PCI DSS 3.5 HIPAA (Encryption) | global | sylvan-surf-339107:my_dataset2 | BigQuery dataset is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your BigQuery datasets are encrypted using CMK. | More info |