Project contains resources over the 75% limit: 'Snapshots' has 750 of 1000 resources, 'Networks' has 4 of 5 resources, 'URL maps' has 8 of 10 resources.
Request an increase of resource quotas via GCP support, to make sure the number of available resources is within the per-account limits.
'Define Allowed External IPs for VM Instances' constraint is not enforced at the organization level.
To minimize your instances' exposure to the Internet, ensure the 'Define Allowed External IPs for VM Instances' constraint is enforced so that you can define which VM instances are allowed to use external IP addresses.
'Detailed Audit Logging Mode' is not enforced at the organization level.
To fulfill compliance requirements such as SEC Rule 17a-4(f), CFTC Rule 1.31(c)-(d), and FINRA Rule 4511(c), ensure 'Detailed Audit Logging Mode' is enforced.
'Restrict VM IP Forwarding' is not enforced at the organization level.
To improve security and achieve regulatory compliance by explicitly defining the resource name of the VM instances allowed to use IP forwarding, ensure 'Restrict VM IP Forwarding' is enforced.
'Resource Location Restriction' is not enforced at the organization level.
To achieve regulatory compliance by explicitly defining the locations allowed to deploy Google Cloud resources for your organization, ensure 'Resource Location Restriction' is enforced.
'Restrict Authorized Networks on Cloud SQL instances' is not enforced at the organization level.
To prevent IAM members from adding authorized networks that provide access to your security-critical SQL database instances, ensure 'Restrict Authorized Networks on Cloud SQL instances' is enforced.
'Restrict Load Balancer Creation for Types' is not enforced at the organization level.
To allow only compliant load balancer types to be used to create Google Cloud load balancers for the GCP projects and folders within your organization, ensure 'Restrict Load Balancer Creation for Types' is enforced.
'Restrict VPC Peering' is not enforced at the organization level.
To allow only a set of permitted VPC networks to be peered with the networks created for your project, folder, or organization, ensure 'Restrict VPC Peering' is enforced.
'Restrict VPN Peer IPs' is not enforced at the organization level.
To allow only a set of trusted IPv4 addresses to be configured as VPN peer IPs within your Google Cloud organization, ensure 'Restrict VPN Peer IPs' is enforced.
'Define Trusted Image Project' is not enforced at the organization level.
To allow only a set of images from trusted GCP projects to be used for boot disks for new VM instances, ensure 'Define Trusted Image Project' is enforced.
'Enforce uniform bucket-level access' is not enforced at the organization level.
To enforce uniform bucket-level access for all Google Cloud Storage buckets available in your organization, ensure 'Enforce uniform bucket-level access' is enforced.
Managed zone uses RSASHA1 algorithm for zone signing.
To prevent DNS hijacking or man-in-the-middle attacks, ensure that your DNS managed zones have the DNSSEC security feature enabled and are not using the RSASHA1 algorithm for zone signing.
Kubernetes cluster has auto-upgrade disabled for the node pool: default-pool.
To ensure the latest security patches are installed and each node stays current with the latest version of the master branch, enable auto-upgrade for all node pools in your Kubernetes Engine clusters.
Kubernetes cluster has master authorized networks disabled.
To allow IP addresses in the specified CIDR ranges to access your cluster control plane endpoint using HTTPS, enable master authorized networks on all Kubernetes clusters.
Kubernetes cluster does not have private endpoint enabled.
To route all traffic between the Kubernetes worker and control plane nodes over a private VPC endpoint rather than across the public internet, ensure all Kubernetes clusters have private endpoint enabled.
Kubernetes cluster does not have Shielded Nodes feature enabled.
To limit the ability of an attacker to impersonate a node in your cluster even if the attacker is able to extract the node credentials, ensure all Kubernetes clusters have the Shielded Nodes feature enabled.
Disk is not encrypted with Customer-Supplied Encryption Keys (CSEKs).
To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, re-deploy a new Compute disk with CSEKs enabled, then delete the old non-encrypted disk.
For security and compliance reasons, as instances with IP Forwarding enabled act as routers/packet forwarders, delete the VM instances with IP forwarding enabled and redeploy them with IP forwarding disabled.
To fulfill HIPAA and PCI DSS compliance requirements for logging of all network access to environments containing sensitive data, ensure that VPC Flow Logs is enabled for every subnet created within your VPC network.
VPC subnet does not have Private Google Access enabled.
To create a more secure network that allows VM instances on a subnet to reach Google APIs and services without an IP address, ensure Private Google Access is enabled for all subnets.
SQL database instance is publicly accessible from all IP addresses.
To fulfill HIPAA and PCI DSS requirements on strict access and integrity controls, ensure that all SQL instances are configured to accept connections from trusted networks and IP addresses only.
SQL database instance has no backup run, and so it cannot be restored to a recent point.
To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point.
To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enforce all incoming connections to your SQL database instances to use SSL/TLS only.
MySQL database instance has "slow_query_log" flag disabled.
To simplify the task of finding inefficient or time-consuming SQL queries, ensure all your MySQL database instances have the "slow_query_log" flag enabled.
SQL database instance is publicly accessible from all IP addresses.
To fulfill HIPAA and PCI DSS requirements on strict access and integrity controls, ensure that all SQL instances are configured to accept connections from trusted networks and IP addresses only.
SQL database instance has no backup run, and so it cannot be restored to a recent point.
To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point.
To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enforce all incoming connections to your SQL database instances to use SSL/TLS only.
PostgreSQL database instance has "log_connections" flag disabled.
To ensure each attempted connection to the database instance is logged, ensure all your PostgreSQL database instances have the "log_connections" flag enabled.
PostgreSQL database instance has "log_lock_waits" flag disabled.
To diagnose poor performance due to locking delays and identify underlying security and performance issues, ensure all your PostgreSQL database instances have the "log_lock_waits" flag enabled.
PostgreSQL database instance has "log_min_duration_statement" flag enabled.
To avoid logging statements with sensitive information, ensure all your PostgreSQL database instances have the "log_min_duration_statement" flag set to -1 (i.e. disabled).
PostgreSQL database instance does not have "log_min_error_statement" flag set to Error.
As a best practice, ensure all your PostgreSQL database instances have the "log_min_error_statement" flag (the minimum message severity level considered an error statement) set to Error (or stricter).
PostgreSQL database instance has "log_temp_files" flag disabled.
To diagnose potential performance issues that can be created by poor programming practices, ensure all your PostgreSQL database instances have the "log_temp_files" flag set to 0 (enabled).
SQL database instance is publicly accessible from all IP addresses.
To fulfill HIPAA and PCI DSS requirements on strict access and integrity controls, ensure that all SQL instances are configured to accept connections from trusted networks and IP addresses only.
SQL database instance has no backup run, and so it cannot be restored to a recent point.
To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point.
To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enforce all incoming connections to your SQL database instances to use SSL/TLS only.
SQL Server database instance has "cross db ownership chaining" flag enabled.
Unless all of the databases hosted by the SQL Server need to participate in cross-database ownership chaining, ensure the "cross db ownership chaining" SQL Server engine flag is disabled.
To fulfill HIPAA requirements for logging of all activity including access and actions taken, enable logging for your storage buckets by using the "gsutil logging set on" command.
Storage bucket has anonymous and/or public access.
To prevent access from anonymous and/or public users, make sure allUsers and allAuthenticatedUsers are removed from the IAM policy for all storage buckets.