Cloud Security Rules

RULE	SERVICE GROUP
M GKE Workload Identity is disabled	Container
M Global Accelerator flow logs are disabled.	Global Accelerator
M Global services are not monitored by exactly one CloudTrail trail	CloudTrail
M Glue CloudWatch log encryption is disabled	Glue
M Glue does not encrypt data stored in the S3 bucket	Glue
M Glue policy has wildcard action	Glue
M Glue policy has wildcard principal	Glue
M Google Cloud Storage bucket is encrypted at rest	Cloud Storage
M Google Compute Firewall Rules have unnecessary port ranges opened for inbound traffic	Compute Engine
M Google storage bucket does not use customer-managed keys to encrypt data	Cloud Storage
M Hadoop Secure Mode/Kerberos is not enabled	Dataproc
M High severity security notifications disabled	Security Center
M IAM authentication for RDS cluster is disabled	RDS
M IAM default audit log config does not include 'DATA_READ' and 'DATA_WRITE' log types	IAM
M IAM default audit log config should not exempt any users	Monitor
M IAM Delegated admin is misconfigured	IAM
M IAM password policy does not expire passwords within 90 days	IAM
M IAM password policy does not prevent reuse of previously used passwords	IAM
M IAM password policy does not prevent reuse of the four previously used passwords	IAM
M IAM password policy does not require at least one lowercase letter	IAM
M IAM password policy does not require at least one number	IAM
M IAM password policy does not require at least one symbol	IAM
M IAM password policy does not require at least one uppercase letter	IAM
M IAM password policy does not require minimum password length of 7 or does not include alphanumeric characters	IAM
M IAM password policy minimum password length is too short	IAM
M IAM permission assigned to user	IAM
M IAM policy is attached to user	IAM
M IAM principal has no permissions boundary	IAM
M IAM principal has overly permissive permissions boundary	IAM
M IAM role used for trust relationship does not have MFA or external IDs	IAM

Previous Next

AWS

Azure

Google

Kubernetes