608845214082

Overview
Critical: 0
High: 0
Medium: 20
Low: 0
Informational: 0
Security issues (20)
| Severity | Non-Compliance Issue | Remediation |
| --- | --- | --- |
| Medium | 'Define Allowed External IPs for VM Instances' constraint is not enforced at the organization level. | To minimize your instances' exposure to the Internet, ensure 'Define Allowed External IPs for VM Instances' constraint is enforced to allow you to define the VM instances that are allowed to use external IP addresses. |
| Medium | 'Disable Automatic IAM Grants for Default Service Accounts' is not enforced at the organization level. | To improve access security, ensure 'Disable Automatic IAM Grants for Default Service Accounts' is enforced. |
| Medium | 'Detailed Audit Logging Mode' is not enforced at the organization level. | To fulfill compliance requirements such as SEC Rule 17a-4(f), CFTC Rule 1.31(c)-(d), and FINRA Rule 4511(c), ensure 'Detailed Audit Logging Mode' is enforced. |
| Medium | 'Disable Automatic IAM Grants for Default Service Accounts' is not enforced at the organization level. | To improve access security, ensure 'Disable Automatic IAM Grants for Default Service Accounts' is enforced. |
| Medium | 'Disable Guest Attributes of Compute Engine Metadata' is not enforced at the organization level. | For security reasons, ensure 'Disable Guest Attributes of Compute Engine Metadata' is enforced. |
| Medium | 'Disable Workload Identity Cluster Creation' is not enforced at the organization level. | To tightly control service account access in your organization, ensure 'Disable Workload Identity Cluster Creation' is enforced. |
| Medium | 'Disable Service Account Key Creation' is not enforced at the organization level. | To minimize the risk of mishandling user-managed keys, ensure 'Disable Service Account Key Creation' is enforced. |
| Medium | 'Disable Service Account Key Upload' is not enforced at the organization level. | To minimize the risk of mishandling user-managed keys, ensure 'Disable Service Account Key Upload' is enforced. |
| Medium | 'Disable VM serial port access' is not enforced at the organization level. | Due to security and compliance regulations, ensure 'Disable VM serial port access' is enforced. |
| Medium | 'Restrict VM IP Forwarding' is not enforced at the organization level. | To improve security and achieve regulatory compliance by explicitly defining the resource name of the VM instances allowed to use IP forwarding, ensure 'Restrict VM IP Forwarding' is enforced. |
| Medium | 'Resource Location Restriction' is not enforced at the organization level. | To achieve regulatory compliance by explicitly defining the locations allowed to deploy Google Cloud resources for your organization, ensure 'Resource Location Restriction' is enforced. |
| Medium | 'Require OS Login' is not enforced at the organization level. | To have centralized and automated SSH key pair management, ensure 'Require OS Login' is enforced. |
| Medium | 'Restrict Authorized Networks on Cloud SQL instances' is not enforced at the organization level. | To prevent IAM members from adding authorized networks that provide access to your security-critical SQL database instances, ensure 'Restrict Authorized Networks on Cloud SQL instances' is enforced. |
| Medium | 'Restrict Load Balancer Creation for Types' is not enforced at the organization level. | To allow only compliant load balancer types to be used to create Google Cloud load balancers for the GCP projects and folders within your organization, ensure 'Restrict Load Balancer Creation for Types' is enforced. |
| Medium | 'Restrict Shared VPC Subnetworks' is not enforced at the organization level. | To allow only a set of shared VPC subnetworks that eligible Google Cloud resources can use, ensure 'Restrict Shared VPC Subnetworks' is enforced. |
| Medium | 'Restrict VPC Peering' is not enforced at the organization level. | To allow only a set of VPC networks to be peered with the networks created for your project, folder, or organization, ensure 'Restrict VPC Peering' is enforced. |
| Medium | 'Restrict VPN Peer IPs' is not enforced at the organization level. | To allow only a set of trusted IPv4 addresses to be configured as VPN peer IPs within your Google Cloud organization, ensure 'Restrict VPN Peer IPs' is enforced. |
| Medium | 'Skip Default Network Creation' is not enforced at the organization level. | To follow security best practices and meet networking requirements, ensure 'Skip Default Network Creation' is enforced. |
| Medium | 'Define Trusted Image Project' is not enforced at the organization level. | To allow only a set of images from trusted GCP projects to be used for boot disks for new VM instances, ensure 'Define Trusted Image Project' is enforced. |
| Medium | 'Enforce uniform bucket-level access' is not enforced at the organization level. | To enforce uniform bucket-level access for all Google Cloud Storage buckets available in your organization, ensure 'Enforce uniform bucket-level access' is enforced. |