Cloud Security Rules

RULE	SERVICE GROUP
H Backend service is not enforcing HTTPS	Compute Engine
H Compute instance uses the default service account	Compute Engine
H Encryption key is exposed in instance template configuration	Compute Engine
H Persistent disk is not encrypted at rest	Compute Engine
H Unrestricted RDP access	Compute Engine
M Backend service logging is disabled	Compute Engine
M Compute firewall allows unrestricted SSH access	Compute Engine
M Compute instance delete protection is disabled	Compute Engine
M Compute instance uses the default service account with full access to all Cloud APIs	Compute Engine
M Customer supplied encryption keys are not used to encrypt compute disk	Compute Engine
M Customer-supplied encryption keys are not used to encrypt VM compute instance	Compute Engine
M Default service account is used	Compute Engine
M Dual-homed Compute instances should be checked	Compute Engine
M Enable Logging for HTTP(S) Load Balancer	Compute Engine
M Google Compute Firewall Rules have unnecessary port ranges opened for inbound traffic	Compute Engine
M IP forwarding is enabled	Compute Engine
M IP forwarding is enabled on the instance	Compute Engine
M OS Login is disabled	Compute Engine
M Packet mirroring resource in use	Compute Engine
M Project-wide SSH keys are allowed	Compute Engine
M Public IP is assigned to compute instance	Compute Engine
M Serial port is enabled	Compute Engine
M SSL policy allows weak algorithms	Compute Engine
M VPC flow logs for VPC network subnets are disabled	Compute Engine
L Compute firewall allows open egress	Compute Engine
L Instance IP assignment is not set to private	Compute Engine
L OS Login is disabled on instance	Compute Engine
L Shielded VM is disabled	Compute Engine

AWS

Azure

Google

Kubernetes